[BUGFIX] Decouple GeneralUtility::rmdir from Environment::isWindows()
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Utility / GeneralUtility.php
1 <?php
2 namespace TYPO3\CMS\Core\Utility;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use GuzzleHttp\Exception\RequestException;
18 use Psr\Http\Message\ServerRequestInterface;
19 use Psr\Log\LoggerAwareInterface;
20 use Psr\Log\LoggerInterface;
21 use TYPO3\CMS\Core\Cache\CacheManager;
22 use TYPO3\CMS\Core\Core\ApplicationContext;
23 use TYPO3\CMS\Core\Core\ClassLoadingInformation;
24 use TYPO3\CMS\Core\Core\Environment;
25 use TYPO3\CMS\Core\Http\RequestFactory;
26 use TYPO3\CMS\Core\Log\LogLevel;
27 use TYPO3\CMS\Core\Log\LogManager;
28 use TYPO3\CMS\Core\Service\OpcodeCacheService;
29 use TYPO3\CMS\Core\SingletonInterface;
30 use TYPO3Fluid\Fluid\Core\Rendering\RenderingContextInterface;
31
32 /**
33 * The legendary "t3lib_div" class - Miscellaneous functions for general purpose.
34 * Most of the functions do not relate specifically to TYPO3
35 * However a section of functions requires certain TYPO3 features available
36 * See comments in the source.
37 * You are encouraged to use this library in your own scripts!
38 *
39 * USE:
40 * The class is intended to be used without creating an instance of it.
41 * So: Don't instantiate - call functions with "\TYPO3\CMS\Core\Utility\GeneralUtility::" prefixed the function name.
42 * So use \TYPO3\CMS\Core\Utility\GeneralUtility::[method-name] to refer to the functions, eg. '\TYPO3\CMS\Core\Utility\GeneralUtility::milliseconds()'
43 */
44 class GeneralUtility
45 {
46 // Severity constants used by \TYPO3\CMS\Core\Utility\GeneralUtility::devLog()
47 // @deprecated since TYPO3 v9, will be removed in TYPO3 v10.0.
48 const SYSLOG_SEVERITY_INFO = 0;
49 const SYSLOG_SEVERITY_NOTICE = 1;
50 const SYSLOG_SEVERITY_WARNING = 2;
51 const SYSLOG_SEVERITY_ERROR = 3;
52 const SYSLOG_SEVERITY_FATAL = 4;
53
54 const ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL = '.*';
55 const ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME = 'SERVER_NAME';
56
57 /**
58 * State of host header value security check
59 * in order to avoid unnecessary multiple checks during one request
60 *
61 * @var bool
62 */
63 protected static $allowHostHeaderValue = false;
64
65 /**
66 * Singleton instances returned by makeInstance, using the class names as
67 * array keys
68 *
69 * @var array<\TYPO3\CMS\Core\SingletonInterface>
70 */
71 protected static $singletonInstances = [];
72
73 /**
74 * Instances returned by makeInstance, using the class names as array keys
75 *
76 * @var array<array><object>
77 */
78 protected static $nonSingletonInstances = [];
79
80 /**
81 * Cache for makeInstance with given class name and final class names to reduce number of self::getClassName() calls
82 *
83 * @var array Given class name => final class name
84 */
85 protected static $finalClassNameCache = [];
86
87 /**
88 * The application context
89 *
90 * @var \TYPO3\CMS\Core\Core\ApplicationContext
91 */
92 protected static $applicationContext;
93
94 /**
95 * IDNA string cache
96 *
97 * @var array<string>
98 */
99 protected static $idnaStringCache = [];
100
101 /**
102 * IDNA converter
103 *
104 * @var \Mso\IdnaConvert\IdnaConvert
105 */
106 protected static $idnaConverter;
107
108 /**
109 * A list of supported CGI server APIs
110 * NOTICE: This is a duplicate of the SAME array in SystemEnvironmentBuilder
111 * @var array
112 */
113 protected static $supportedCgiServerApis = [
114 'fpm-fcgi',
115 'cgi',
116 'isapi',
117 'cgi-fcgi',
118 'srv', // HHVM with fastcgi
119 ];
120
121 /**
122 * @var array
123 */
124 protected static $indpEnvCache = [];
125
126 /*************************
127 *
128 * GET/POST Variables
129 *
130 * Background:
131 * Input GET/POST variables in PHP may have their quotes escaped with "\" or not depending on configuration.
132 * TYPO3 has always converted quotes to BE escaped if the configuration told that they would not be so.
133 * But the clean solution is that quotes are never escaped and that is what the functions below offers.
134 * Eventually TYPO3 should provide this in the global space as well.
135 * In the transitional phase (or forever..?) we need to encourage EVERY to read and write GET/POST vars through the API functions below.
136 * This functionality was previously needed to normalize between magic quotes logic, which was removed from PHP 5.4,
137 * so these methods are still in use, but not tackle the slash problem anymore.
138 *
139 *************************/
140 /**
141 * Returns the 'GLOBAL' value of incoming data from POST or GET, with priority to POST (that is equalent to 'GP' order)
142 * To enhance security in your scripts, please consider using GeneralUtility::_GET or GeneralUtility::_POST if you already
143 * know by which method your data is arriving to the scripts!
144 *
145 * @param string $var GET/POST var to return
146 * @return mixed POST var named $var and if not set, the GET var of the same name.
147 */
148 public static function _GP($var)
149 {
150 if (empty($var)) {
151 return;
152 }
153 if (isset($_POST[$var])) {
154 $value = $_POST[$var];
155 } elseif (isset($_GET[$var])) {
156 $value = $_GET[$var];
157 } else {
158 $value = null;
159 }
160 // This is there for backwards-compatibility, in order to avoid NULL
161 if (isset($value) && !is_array($value)) {
162 $value = (string)$value;
163 }
164 return $value;
165 }
166
167 /**
168 * Returns the global arrays $_GET and $_POST merged with $_POST taking precedence.
169 *
170 * @param string $parameter Key (variable name) from GET or POST vars
171 * @return array Returns the GET vars merged recursively onto the POST vars.
172 */
173 public static function _GPmerged($parameter)
174 {
175 $postParameter = isset($_POST[$parameter]) && is_array($_POST[$parameter]) ? $_POST[$parameter] : [];
176 $getParameter = isset($_GET[$parameter]) && is_array($_GET[$parameter]) ? $_GET[$parameter] : [];
177 $mergedParameters = $getParameter;
178 ArrayUtility::mergeRecursiveWithOverrule($mergedParameters, $postParameter);
179 return $mergedParameters;
180 }
181
182 /**
183 * Returns the global $_GET array (or value from) normalized to contain un-escaped values.
184 * ALWAYS use this API function to acquire the GET variables!
185 * This function was previously used to normalize between magic quotes logic, which was removed from PHP 5.5
186 *
187 * @param string $var Optional pointer to value in GET array (basically name of GET var)
188 * @return mixed If $var is set it returns the value of $_GET[$var]. If $var is NULL (default), returns $_GET itself. In any case *slashes are stipped from the output!*
189 * @see _POST(), _GP()
190 */
191 public static function _GET($var = null)
192 {
193 $value = $var === null
194 ? $_GET
195 : (empty($var) ? null : ($_GET[$var] ?? null));
196 // This is there for backwards-compatibility, in order to avoid NULL
197 if (isset($value) && !is_array($value)) {
198 $value = (string)$value;
199 }
200 return $value;
201 }
202
203 /**
204 * Returns the global $_POST array (or value from) normalized to contain un-escaped values.
205 * ALWAYS use this API function to acquire the $_POST variables!
206 *
207 * @param string $var Optional pointer to value in POST array (basically name of POST var)
208 * @return mixed If $var is set it returns the value of $_POST[$var]. If $var is NULL (default), returns $_POST itself. In any case *slashes are stipped from the output!*
209 * @see _GET(), _GP()
210 */
211 public static function _POST($var = null)
212 {
213 $value = $var === null ? $_POST : (empty($var) || !isset($_POST[$var]) ? null : $_POST[$var]);
214 // This is there for backwards-compatibility, in order to avoid NULL
215 if (isset($value) && !is_array($value)) {
216 $value = (string)$value;
217 }
218 return $value;
219 }
220
221 /**
222 * Writes input value to $_GET.
223 *
224 * @param mixed $inputGet
225 * @param string $key
226 * @deprecated since TYPO3 v9 LTS, will be removed in TYPO3 v10.0.
227 */
228 public static function _GETset($inputGet, $key = '')
229 {
230 trigger_error('GeneralUtility::_GETset() will be removed in TYPO3 v10.0. Use a PSR-15 middleware to set query parameters on the request object or set $_GET directly.', E_USER_DEPRECATED);
231 if ($key != '') {
232 if (strpos($key, '|') !== false) {
233 $pieces = explode('|', $key);
234 $newGet = [];
235 $pointer = &$newGet;
236 foreach ($pieces as $piece) {
237 $pointer = &$pointer[$piece];
238 }
239 $pointer = $inputGet;
240 $mergedGet = $_GET;
241 ArrayUtility::mergeRecursiveWithOverrule($mergedGet, $newGet);
242 $_GET = $mergedGet;
243 $GLOBALS['HTTP_GET_VARS'] = $mergedGet;
244 } else {
245 $_GET[$key] = $inputGet;
246 $GLOBALS['HTTP_GET_VARS'][$key] = $inputGet;
247 }
248 } elseif (is_array($inputGet)) {
249 $_GET = $inputGet;
250 $GLOBALS['HTTP_GET_VARS'] = $inputGet;
251 if (isset($GLOBALS['TYPO3_REQUEST']) && $GLOBALS['TYPO3_REQUEST'] instanceof ServerRequestInterface) {
252 $GLOBALS['TYPO3_REQUEST'] = $GLOBALS['TYPO3_REQUEST']->withQueryParams($inputGet);
253 }
254 }
255 }
256
257 /*************************
258 *
259 * STRING FUNCTIONS
260 *
261 *************************/
262 /**
263 * Truncates a string with appended/prepended "..." and takes current character set into consideration.
264 *
265 * @param string $string String to truncate
266 * @param int $chars Must be an integer with an absolute value of at least 4. if negative the string is cropped from the right end.
267 * @param string $appendString Appendix to the truncated string
268 * @return string Cropped string
269 */
270 public static function fixed_lgd_cs($string, $chars, $appendString = '...')
271 {
272 if ((int)$chars === 0 || mb_strlen($string, 'utf-8') <= abs($chars)) {
273 return $string;
274 }
275 if ($chars > 0) {
276 $string = mb_substr($string, 0, $chars, 'utf-8') . $appendString;
277 } else {
278 $string = $appendString . mb_substr($string, $chars, mb_strlen($string, 'utf-8'), 'utf-8');
279 }
280 return $string;
281 }
282
283 /**
284 * Match IP number with list of numbers with wildcard
285 * Dispatcher method for switching into specialised IPv4 and IPv6 methods.
286 *
287 * @param string $baseIP Is the current remote IP address for instance, typ. REMOTE_ADDR
288 * @param string $list Is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168). If list is "*" no check is done and the function returns TRUE immediately. An empty list always returns FALSE.
289 * @return bool TRUE if an IP-mask from $list matches $baseIP
290 */
291 public static function cmpIP($baseIP, $list)
292 {
293 $list = trim($list);
294 if ($list === '') {
295 return false;
296 }
297 if ($list === '*') {
298 return true;
299 }
300 if (strpos($baseIP, ':') !== false && self::validIPv6($baseIP)) {
301 return self::cmpIPv6($baseIP, $list);
302 }
303 return self::cmpIPv4($baseIP, $list);
304 }
305
306 /**
307 * Match IPv4 number with list of numbers with wildcard
308 *
309 * @param string $baseIP Is the current remote IP address for instance, typ. REMOTE_ADDR
310 * @param string $list Is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168), could also contain IPv6 addresses
311 * @return bool TRUE if an IP-mask from $list matches $baseIP
312 */
313 public static function cmpIPv4($baseIP, $list)
314 {
315 $IPpartsReq = explode('.', $baseIP);
316 if (count($IPpartsReq) === 4) {
317 $values = self::trimExplode(',', $list, true);
318 foreach ($values as $test) {
319 $testList = explode('/', $test);
320 if (count($testList) === 2) {
321 list($test, $mask) = $testList;
322 } else {
323 $mask = false;
324 }
325 if ((int)$mask) {
326 // "192.168.3.0/24"
327 $lnet = ip2long($test);
328 $lip = ip2long($baseIP);
329 $binnet = str_pad(decbin($lnet), 32, '0', STR_PAD_LEFT);
330 $firstpart = substr($binnet, 0, $mask);
331 $binip = str_pad(decbin($lip), 32, '0', STR_PAD_LEFT);
332 $firstip = substr($binip, 0, $mask);
333 $yes = $firstpart === $firstip;
334 } else {
335 // "192.168.*.*"
336 $IPparts = explode('.', $test);
337 $yes = 1;
338 foreach ($IPparts as $index => $val) {
339 $val = trim($val);
340 if ($val !== '*' && $IPpartsReq[$index] !== $val) {
341 $yes = 0;
342 }
343 }
344 }
345 if ($yes) {
346 return true;
347 }
348 }
349 }
350 return false;
351 }
352
353 /**
354 * Match IPv6 address with a list of IPv6 prefixes
355 *
356 * @param string $baseIP Is the current remote IP address for instance
357 * @param string $list Is a comma-list of IPv6 prefixes, could also contain IPv4 addresses
358 * @return bool TRUE If an baseIP matches any prefix
359 */
360 public static function cmpIPv6($baseIP, $list)
361 {
362 // Policy default: Deny connection
363 $success = false;
364 $baseIP = self::normalizeIPv6($baseIP);
365 $values = self::trimExplode(',', $list, true);
366 foreach ($values as $test) {
367 $testList = explode('/', $test);
368 if (count($testList) === 2) {
369 list($test, $mask) = $testList;
370 } else {
371 $mask = false;
372 }
373 if (self::validIPv6($test)) {
374 $test = self::normalizeIPv6($test);
375 $maskInt = (int)$mask ?: 128;
376 // Special case; /0 is an allowed mask - equals a wildcard
377 if ($mask === '0') {
378 $success = true;
379 } elseif ($maskInt == 128) {
380 $success = $test === $baseIP;
381 } else {
382 $testBin = self::IPv6Hex2Bin($test);
383 $baseIPBin = self::IPv6Hex2Bin($baseIP);
384 $success = true;
385 // Modulo is 0 if this is a 8-bit-boundary
386 $maskIntModulo = $maskInt % 8;
387 $numFullCharactersUntilBoundary = (int)($maskInt / 8);
388 if (strpos($testBin, substr($baseIPBin, 0, $numFullCharactersUntilBoundary)) !== 0) {
389 $success = false;
390 } elseif ($maskIntModulo > 0) {
391 // If not an 8-bit-boundary, check bits of last character
392 $testLastBits = str_pad(decbin(ord(substr($testBin, $numFullCharactersUntilBoundary, 1))), 8, '0', STR_PAD_LEFT);
393 $baseIPLastBits = str_pad(decbin(ord(substr($baseIPBin, $numFullCharactersUntilBoundary, 1))), 8, '0', STR_PAD_LEFT);
394 if (strncmp($testLastBits, $baseIPLastBits, $maskIntModulo) != 0) {
395 $success = false;
396 }
397 }
398 }
399 }
400 if ($success) {
401 return true;
402 }
403 }
404 return false;
405 }
406
407 /**
408 * Transform a regular IPv6 address from hex-representation into binary
409 *
410 * @param string $hex IPv6 address in hex-presentation
411 * @return string Binary representation (16 characters, 128 characters)
412 * @see IPv6Bin2Hex()
413 */
414 public static function IPv6Hex2Bin($hex)
415 {
416 return inet_pton($hex);
417 }
418
419 /**
420 * Transform an IPv6 address from binary to hex-representation
421 *
422 * @param string $bin IPv6 address in hex-presentation
423 * @return string Binary representation (16 characters, 128 characters)
424 * @see IPv6Hex2Bin()
425 */
426 public static function IPv6Bin2Hex($bin)
427 {
428 return inet_ntop($bin);
429 }
430
431 /**
432 * Normalize an IPv6 address to full length
433 *
434 * @param string $address Given IPv6 address
435 * @return string Normalized address
436 * @see compressIPv6()
437 */
438 public static function normalizeIPv6($address)
439 {
440 $normalizedAddress = '';
441 $stageOneAddress = '';
442 // According to RFC lowercase-representation is recommended
443 $address = strtolower($address);
444 // Normalized representation has 39 characters (0000:0000:0000:0000:0000:0000:0000:0000)
445 if (strlen($address) === 39) {
446 // Already in full expanded form
447 return $address;
448 }
449 // Count 2 if if address has hidden zero blocks
450 $chunks = explode('::', $address);
451 if (count($chunks) === 2) {
452 $chunksLeft = explode(':', $chunks[0]);
453 $chunksRight = explode(':', $chunks[1]);
454 $left = count($chunksLeft);
455 $right = count($chunksRight);
456 // Special case: leading zero-only blocks count to 1, should be 0
457 if ($left === 1 && strlen($chunksLeft[0]) === 0) {
458 $left = 0;
459 }
460 $hiddenBlocks = 8 - ($left + $right);
461 $hiddenPart = '';
462 $h = 0;
463 while ($h < $hiddenBlocks) {
464 $hiddenPart .= '0000:';
465 $h++;
466 }
467 if ($left === 0) {
468 $stageOneAddress = $hiddenPart . $chunks[1];
469 } else {
470 $stageOneAddress = $chunks[0] . ':' . $hiddenPart . $chunks[1];
471 }
472 } else {
473 $stageOneAddress = $address;
474 }
475 // Normalize the blocks:
476 $blocks = explode(':', $stageOneAddress);
477 $divCounter = 0;
478 foreach ($blocks as $block) {
479 $tmpBlock = '';
480 $i = 0;
481 $hiddenZeros = 4 - strlen($block);
482 while ($i < $hiddenZeros) {
483 $tmpBlock .= '0';
484 $i++;
485 }
486 $normalizedAddress .= $tmpBlock . $block;
487 if ($divCounter < 7) {
488 $normalizedAddress .= ':';
489 $divCounter++;
490 }
491 }
492 return $normalizedAddress;
493 }
494
495 /**
496 * Compress an IPv6 address to the shortest notation
497 *
498 * @param string $address Given IPv6 address
499 * @return string Compressed address
500 * @see normalizeIPv6()
501 */
502 public static function compressIPv6($address)
503 {
504 return inet_ntop(inet_pton($address));
505 }
506
507 /**
508 * Validate a given IP address.
509 *
510 * Possible format are IPv4 and IPv6.
511 *
512 * @param string $ip IP address to be tested
513 * @return bool TRUE if $ip is either of IPv4 or IPv6 format.
514 */
515 public static function validIP($ip)
516 {
517 return filter_var($ip, FILTER_VALIDATE_IP) !== false;
518 }
519
520 /**
521 * Validate a given IP address to the IPv4 address format.
522 *
523 * Example for possible format: 10.0.45.99
524 *
525 * @param string $ip IP address to be tested
526 * @return bool TRUE if $ip is of IPv4 format.
527 */
528 public static function validIPv4($ip)
529 {
530 return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
531 }
532
533 /**
534 * Validate a given IP address to the IPv6 address format.
535 *
536 * Example for possible format: 43FB::BB3F:A0A0:0 | ::1
537 *
538 * @param string $ip IP address to be tested
539 * @return bool TRUE if $ip is of IPv6 format.
540 */
541 public static function validIPv6($ip)
542 {
543 return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
544 }
545
546 /**
547 * Match fully qualified domain name with list of strings with wildcard
548 *
549 * @param string $baseHost A hostname or an IPv4/IPv6-address (will by reverse-resolved; typically REMOTE_ADDR)
550 * @param string $list A comma-list of domain names to match with. *-wildcard allowed but cannot be part of a string, so it must match the full host name (eg. myhost.*.com => correct, myhost.*domain.com => wrong)
551 * @return bool TRUE if a domain name mask from $list matches $baseIP
552 */
553 public static function cmpFQDN($baseHost, $list)
554 {
555 $baseHost = trim($baseHost);
556 if (empty($baseHost)) {
557 return false;
558 }
559 if (self::validIPv4($baseHost) || self::validIPv6($baseHost)) {
560 // Resolve hostname
561 // Note: this is reverse-lookup and can be randomly set as soon as somebody is able to set
562 // the reverse-DNS for his IP (security when for example used with REMOTE_ADDR)
563 $baseHostName = gethostbyaddr($baseHost);
564 if ($baseHostName === $baseHost) {
565 // Unable to resolve hostname
566 return false;
567 }
568 } else {
569 $baseHostName = $baseHost;
570 }
571 $baseHostNameParts = explode('.', $baseHostName);
572 $values = self::trimExplode(',', $list, true);
573 foreach ($values as $test) {
574 $hostNameParts = explode('.', $test);
575 // To match hostNameParts can only be shorter (in case of wildcards) or equal
576 $hostNamePartsCount = count($hostNameParts);
577 $baseHostNamePartsCount = count($baseHostNameParts);
578 if ($hostNamePartsCount > $baseHostNamePartsCount) {
579 continue;
580 }
581 $yes = true;
582 foreach ($hostNameParts as $index => $val) {
583 $val = trim($val);
584 if ($val === '*') {
585 // Wildcard valid for one or more hostname-parts
586 $wildcardStart = $index + 1;
587 // Wildcard as last/only part always matches, otherwise perform recursive checks
588 if ($wildcardStart < $hostNamePartsCount) {
589 $wildcardMatched = false;
590 $tempHostName = implode('.', array_slice($hostNameParts, $index + 1));
591 while ($wildcardStart < $baseHostNamePartsCount && !$wildcardMatched) {
592 $tempBaseHostName = implode('.', array_slice($baseHostNameParts, $wildcardStart));
593 $wildcardMatched = self::cmpFQDN($tempBaseHostName, $tempHostName);
594 $wildcardStart++;
595 }
596 if ($wildcardMatched) {
597 // Match found by recursive compare
598 return true;
599 }
600 $yes = false;
601 }
602 } elseif ($baseHostNameParts[$index] !== $val) {
603 // In case of no match
604 $yes = false;
605 }
606 }
607 if ($yes) {
608 return true;
609 }
610 }
611 return false;
612 }
613
614 /**
615 * Checks if a given URL matches the host that currently handles this HTTP request.
616 * Scheme, hostname and (optional) port of the given URL are compared.
617 *
618 * @param string $url URL to compare with the TYPO3 request host
619 * @return bool Whether the URL matches the TYPO3 request host
620 */
621 public static function isOnCurrentHost($url)
622 {
623 return stripos($url . '/', self::getIndpEnv('TYPO3_REQUEST_HOST') . '/') === 0;
624 }
625
626 /**
627 * Check for item in list
628 * Check if an item exists in a comma-separated list of items.
629 *
630 * @param string $list Comma-separated list of items (string)
631 * @param string $item Item to check for
632 * @return bool TRUE if $item is in $list
633 */
634 public static function inList($list, $item)
635 {
636 return strpos(',' . $list . ',', ',' . $item . ',') !== false;
637 }
638
639 /**
640 * Removes an item from a comma-separated list of items.
641 *
642 * If $element contains a comma, the behaviour of this method is undefined.
643 * Empty elements in the list are preserved.
644 *
645 * @param string $element Element to remove
646 * @param string $list Comma-separated list of items (string)
647 * @return string New comma-separated list of items
648 */
649 public static function rmFromList($element, $list)
650 {
651 $items = explode(',', $list);
652 foreach ($items as $k => $v) {
653 if ($v == $element) {
654 unset($items[$k]);
655 }
656 }
657 return implode(',', $items);
658 }
659
660 /**
661 * Expand a comma-separated list of integers with ranges (eg 1,3-5,7 becomes 1,3,4,5,7).
662 * Ranges are limited to 1000 values per range.
663 *
664 * @param string $list Comma-separated list of integers with ranges (string)
665 * @return string New comma-separated list of items
666 */
667 public static function expandList($list)
668 {
669 $items = explode(',', $list);
670 $list = [];
671 foreach ($items as $item) {
672 $range = explode('-', $item);
673 if (isset($range[1])) {
674 $runAwayBrake = 1000;
675 for ($n = $range[0]; $n <= $range[1]; $n++) {
676 $list[] = $n;
677 $runAwayBrake--;
678 if ($runAwayBrake <= 0) {
679 break;
680 }
681 }
682 } else {
683 $list[] = $item;
684 }
685 }
686 return implode(',', $list);
687 }
688
689 /**
690 * Makes a positive integer hash out of the first 7 chars from the md5 hash of the input
691 *
692 * @param string $str String to md5-hash
693 * @return int Returns 28bit integer-hash
694 */
695 public static function md5int($str)
696 {
697 return hexdec(substr(md5($str), 0, 7));
698 }
699
700 /**
701 * Returns the first 10 positions of the MD5-hash (changed from 6 to 10 recently)
702 *
703 * @param string $input Input string to be md5-hashed
704 * @param int $len The string-length of the output
705 * @return string Substring of the resulting md5-hash, being $len chars long (from beginning)
706 */
707 public static function shortMD5($input, $len = 10)
708 {
709 return substr(md5($input), 0, $len);
710 }
711
712 /**
713 * Returns a proper HMAC on a given input string and secret TYPO3 encryption key.
714 *
715 * @param string $input Input string to create HMAC from
716 * @param string $additionalSecret additionalSecret to prevent hmac being used in a different context
717 * @return string resulting (hexadecimal) HMAC currently with a length of 40 (HMAC-SHA-1)
718 */
719 public static function hmac($input, $additionalSecret = '')
720 {
721 $hashAlgorithm = 'sha1';
722 $hashBlocksize = 64;
723 $secret = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . $additionalSecret;
724 if (extension_loaded('hash') && function_exists('hash_hmac') && function_exists('hash_algos') && in_array($hashAlgorithm, hash_algos())) {
725 $hmac = hash_hmac($hashAlgorithm, $input, $secret);
726 } else {
727 // Outer padding
728 $opad = str_repeat(chr(92), $hashBlocksize);
729 // Inner padding
730 $ipad = str_repeat(chr(54), $hashBlocksize);
731 if (strlen($secret) > $hashBlocksize) {
732 // Keys longer than block size are shorten
733 $key = str_pad(pack('H*', call_user_func($hashAlgorithm, $secret)), $hashBlocksize, "\0");
734 } else {
735 // Keys shorter than block size are zero-padded
736 $key = str_pad($secret, $hashBlocksize, "\0");
737 }
738 $hmac = call_user_func($hashAlgorithm, ($key ^ $opad) . pack('H*', call_user_func(
739 $hashAlgorithm,
740 ($key ^ $ipad) . $input
741 )));
742 }
743 return $hmac;
744 }
745
746 /**
747 * Takes comma-separated lists and arrays and removes all duplicates
748 * If a value in the list is trim(empty), the value is ignored.
749 *
750 * @param string $in_list Accept multiple parameters which can be comma-separated lists of values and arrays.
751 * @param mixed $secondParameter Dummy field, which if set will show a warning!
752 * @return string Returns the list without any duplicates of values, space around values are trimmed
753 */
754 public static function uniqueList($in_list, $secondParameter = null)
755 {
756 if (is_array($in_list)) {
757 throw new \InvalidArgumentException('TYPO3 Fatal Error: TYPO3\\CMS\\Core\\Utility\\GeneralUtility::uniqueList() does NOT support array arguments anymore! Only string comma lists!', 1270853885);
758 }
759 if (isset($secondParameter)) {
760 throw new \InvalidArgumentException('TYPO3 Fatal Error: TYPO3\\CMS\\Core\\Utility\\GeneralUtility::uniqueList() does NOT support more than a single argument value anymore. You have specified more than one!', 1270853886);
761 }
762 return implode(',', array_unique(self::trimExplode(',', $in_list, true)));
763 }
764
765 /**
766 * Splits a reference to a file in 5 parts
767 *
768 * @param string $fileNameWithPath File name with path to be analyzed (must exist if open_basedir is set)
769 * @return array Contains keys [path], [file], [filebody], [fileext], [realFileext]
770 */
771 public static function split_fileref($fileNameWithPath)
772 {
773 $reg = [];
774 if (preg_match('/(.*\\/)(.*)$/', $fileNameWithPath, $reg)) {
775 $info['path'] = $reg[1];
776 $info['file'] = $reg[2];
777 } else {
778 $info['path'] = '';
779 $info['file'] = $fileNameWithPath;
780 }
781 $reg = '';
782 // If open_basedir is set and the fileName was supplied without a path the is_dir check fails
783 if (!is_dir($fileNameWithPath) && preg_match('/(.*)\\.([^\\.]*$)/', $info['file'], $reg)) {
784 $info['filebody'] = $reg[1];
785 $info['fileext'] = strtolower($reg[2]);
786 $info['realFileext'] = $reg[2];
787 } else {
788 $info['filebody'] = $info['file'];
789 $info['fileext'] = '';
790 }
791 reset($info);
792 return $info;
793 }
794
795 /**
796 * Returns the directory part of a path without trailing slash
797 * If there is no dir-part, then an empty string is returned.
798 * Behaviour:
799 *
800 * '/dir1/dir2/script.php' => '/dir1/dir2'
801 * '/dir1/' => '/dir1'
802 * 'dir1/script.php' => 'dir1'
803 * 'd/script.php' => 'd'
804 * '/script.php' => ''
805 * '' => ''
806 *
807 * @param string $path Directory name / path
808 * @return string Processed input value. See function description.
809 */
810 public static function dirname($path)
811 {
812 $p = self::revExplode('/', $path, 2);
813 return count($p) === 2 ? $p[0] : '';
814 }
815
816 /**
817 * Returns TRUE if the first part of $str matches the string $partStr
818 *
819 * @param string $str Full string to check
820 * @param string $partStr Reference string which must be found as the "first part" of the full string
821 * @return bool TRUE if $partStr was found to be equal to the first part of $str
822 */
823 public static function isFirstPartOfStr($str, $partStr)
824 {
825 $str = is_array($str) ? '' : (string)$str;
826 $partStr = is_array($partStr) ? '' : (string)$partStr;
827 return $partStr !== '' && strpos($str, $partStr, 0) === 0;
828 }
829
830 /**
831 * Formats the input integer $sizeInBytes as bytes/kilobytes/megabytes (-/K/M)
832 *
833 * @param int $sizeInBytes Number of bytes to format.
834 * @param string $labels Binary unit name "iec", decimal unit name "si" or labels for bytes, kilo, mega, giga, and so on separated by vertical bar (|) and possibly encapsulated in "". Eg: " | K| M| G". Defaults to "iec".
835 * @param int $base The unit base if not using a unit name. Defaults to 1024.
836 * @return string Formatted representation of the byte number, for output.
837 */
838 public static function formatSize($sizeInBytes, $labels = '', $base = 0)
839 {
840 $defaultFormats = [
841 'iec' => ['base' => 1024, 'labels' => [' ', ' Ki', ' Mi', ' Gi', ' Ti', ' Pi', ' Ei', ' Zi', ' Yi']],
842 'si' => ['base' => 1000, 'labels' => [' ', ' k', ' M', ' G', ' T', ' P', ' E', ' Z', ' Y']],
843 ];
844 // Set labels and base:
845 if (empty($labels)) {
846 $labels = 'iec';
847 }
848 if (isset($defaultFormats[$labels])) {
849 $base = $defaultFormats[$labels]['base'];
850 $labelArr = $defaultFormats[$labels]['labels'];
851 } else {
852 $base = (int)$base;
853 if ($base !== 1000 && $base !== 1024) {
854 $base = 1024;
855 }
856 $labelArr = explode('|', str_replace('"', '', $labels));
857 }
858 // @todo find out which locale is used for current BE user to cover the BE case as well
859 $oldLocale = setlocale(LC_NUMERIC, 0);
860 $newLocale = $GLOBALS['TSFE']->config['config']['locale_all'] ?? '';
861 if ($newLocale) {
862 setlocale(LC_NUMERIC, $newLocale);
863 }
864 $localeInfo = localeconv();
865 if ($newLocale) {
866 setlocale(LC_NUMERIC, $oldLocale);
867 }
868 $sizeInBytes = max($sizeInBytes, 0);
869 $multiplier = floor(($sizeInBytes ? log($sizeInBytes) : 0) / log($base));
870 $sizeInUnits = $sizeInBytes / pow($base, $multiplier);
871 if ($sizeInUnits > ($base * .9)) {
872 $multiplier++;
873 }
874 $multiplier = min($multiplier, count($labelArr) - 1);
875 $sizeInUnits = $sizeInBytes / pow($base, $multiplier);
876 return number_format($sizeInUnits, (($multiplier > 0) && ($sizeInUnits < 20)) ? 2 : 0, $localeInfo['decimal_point'], '') . $labelArr[$multiplier];
877 }
878
879 /**
880 * This splits a string by the chars in $operators (typical /+-*) and returns an array with them in
881 *
882 * @param string $string Input string, eg "123 + 456 / 789 - 4
883 * @param string $operators Operators to split by, typically "/+-*
884 * @return array Array with operators and operands separated.
885 * @see \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::calc(), \TYPO3\CMS\Frontend\Imaging\GifBuilder::calcOffset()
886 */
887 public static function splitCalc($string, $operators)
888 {
889 $res = [];
890 $sign = '+';
891 while ($string) {
892 $valueLen = strcspn($string, $operators);
893 $value = substr($string, 0, $valueLen);
894 $res[] = [$sign, trim($value)];
895 $sign = substr($string, $valueLen, 1);
896 $string = substr($string, $valueLen + 1);
897 }
898 reset($res);
899 return $res;
900 }
901
902 /**
903 * Checking syntax of input email address
904 *
905 * http://tools.ietf.org/html/rfc3696
906 * International characters are allowed in email. So the whole address needs
907 * to be converted to punicode before passing it to filter_var(). We convert
908 * the user- and domain part separately to increase the chance of hitting an
909 * entry in self::$idnaStringCache.
910 *
911 * Also the @ sign may appear multiple times in an address. If not used as
912 * a boundary marker between the user- and domain part, it must be escaped
913 * with a backslash: \@. This mean we can not just explode on the @ sign and
914 * expect to get just two parts. So we pop off the domain and then glue the
915 * rest together again.
916 *
917 * @param string $email Input string to evaluate
918 * @return bool Returns TRUE if the $email address (input string) is valid
919 */
920 public static function validEmail($email)
921 {
922 // Early return in case input is not a string
923 if (!is_string($email)) {
924 return false;
925 }
926 $atPosition = strrpos($email, '@');
927 if (!$atPosition || $atPosition + 1 === strlen($email)) {
928 // Return if no @ found or it is placed at the very beginning or end of the email
929 return false;
930 }
931 $domain = substr($email, $atPosition + 1);
932 $user = substr($email, 0, $atPosition);
933 if (!preg_match('/^[a-z0-9.\\-]*$/i', $domain)) {
934 try {
935 $domain = self::idnaEncode($domain);
936 } catch (\InvalidArgumentException $exception) {
937 return false;
938 }
939 }
940 return filter_var($user . '@' . $domain, FILTER_VALIDATE_EMAIL) !== false;
941 }
942
943 /**
944 * Returns an ASCII string (punicode) representation of $value
945 *
946 * @param string $value
947 * @return string An ASCII encoded (punicode) string
948 */
949 public static function idnaEncode($value)
950 {
951 if (isset(self::$idnaStringCache[$value])) {
952 return self::$idnaStringCache[$value];
953 }
954 if (!self::$idnaConverter) {
955 self::$idnaConverter = new \Mso\IdnaConvert\IdnaConvert(['idn_version' => 2008]);
956 }
957 self::$idnaStringCache[$value] = self::$idnaConverter->encode($value);
958 return self::$idnaStringCache[$value];
959 }
960
961 /**
962 * Returns a given string with underscores as UpperCamelCase.
963 * Example: Converts blog_example to BlogExample
964 *
965 * @param string $string String to be converted to camel case
966 * @return string UpperCamelCasedWord
967 */
968 public static function underscoredToUpperCamelCase($string)
969 {
970 return str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower($string))));
971 }
972
973 /**
974 * Returns a given string with underscores as lowerCamelCase.
975 * Example: Converts minimal_value to minimalValue
976 *
977 * @param string $string String to be converted to camel case
978 * @return string lowerCamelCasedWord
979 */
980 public static function underscoredToLowerCamelCase($string)
981 {
982 return lcfirst(str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower($string)))));
983 }
984
985 /**
986 * Returns a given CamelCasedString as an lowercase string with underscores.
987 * Example: Converts BlogExample to blog_example, and minimalValue to minimal_value
988 *
989 * @param string $string String to be converted to lowercase underscore
990 * @return string lowercase_and_underscored_string
991 */
992 public static function camelCaseToLowerCaseUnderscored($string)
993 {
994 $value = preg_replace('/(?<=\\w)([A-Z])/', '_\\1', $string);
995 return mb_strtolower($value, 'utf-8');
996 }
997
998 /**
999 * Checks if a given string is a Uniform Resource Locator (URL).
1000 *
1001 * On seriously malformed URLs, parse_url may return FALSE and emit an
1002 * E_WARNING.
1003 *
1004 * filter_var() requires a scheme to be present.
1005 *
1006 * http://www.faqs.org/rfcs/rfc2396.html
1007 * Scheme names consist of a sequence of characters beginning with a
1008 * lower case letter and followed by any combination of lower case letters,
1009 * digits, plus ("+"), period ("."), or hyphen ("-"). For resiliency,
1010 * programs interpreting URI should treat upper case letters as equivalent to
1011 * lower case in scheme names (e.g., allow "HTTP" as well as "http").
1012 * scheme = alpha *( alpha | digit | "+" | "-" | "." )
1013 *
1014 * Convert the domain part to punicode if it does not look like a regular
1015 * domain name. Only the domain part because RFC3986 specifies the the rest of
1016 * the url may not contain special characters:
1017 * http://tools.ietf.org/html/rfc3986#appendix-A
1018 *
1019 * @param string $url The URL to be validated
1020 * @return bool Whether the given URL is valid
1021 */
1022 public static function isValidUrl($url)
1023 {
1024 $parsedUrl = parse_url($url);
1025 if (!$parsedUrl || !isset($parsedUrl['scheme'])) {
1026 return false;
1027 }
1028 // HttpUtility::buildUrl() will always build urls with <scheme>://
1029 // our original $url might only contain <scheme>: (e.g. mail:)
1030 // so we convert that to the double-slashed version to ensure
1031 // our check against the $recomposedUrl is proper
1032 if (!self::isFirstPartOfStr($url, $parsedUrl['scheme'] . '://')) {
1033 $url = str_replace($parsedUrl['scheme'] . ':', $parsedUrl['scheme'] . '://', $url);
1034 }
1035 $recomposedUrl = HttpUtility::buildUrl($parsedUrl);
1036 if ($recomposedUrl !== $url) {
1037 // The parse_url() had to modify characters, so the URL is invalid
1038 return false;
1039 }
1040 if (isset($parsedUrl['host']) && !preg_match('/^[a-z0-9.\\-]*$/i', $parsedUrl['host'])) {
1041 try {
1042 $parsedUrl['host'] = self::idnaEncode($parsedUrl['host']);
1043 } catch (\InvalidArgumentException $exception) {
1044 return false;
1045 }
1046 }
1047 return filter_var(HttpUtility::buildUrl($parsedUrl), FILTER_VALIDATE_URL) !== false;
1048 }
1049
1050 /*************************
1051 *
1052 * ARRAY FUNCTIONS
1053 *
1054 *************************/
1055
1056 /**
1057 * Explodes a $string delimited by $delimiter and casts each item in the array to (int).
1058 * Corresponds to \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(), but with conversion to integers for all values.
1059 *
1060 * @param string $delimiter Delimiter string to explode with
1061 * @param string $string The string to explode
1062 * @param bool $removeEmptyValues If set, all empty values (='') will NOT be set in output
1063 * @param int $limit If positive, the result will contain a maximum of limit elements,
1064 * @return array Exploded values, all converted to integers
1065 */
1066 public static function intExplode($delimiter, $string, $removeEmptyValues = false, $limit = 0)
1067 {
1068 $result = explode($delimiter, $string);
1069 foreach ($result as $key => &$value) {
1070 if ($removeEmptyValues && ($value === '' || trim($value) === '')) {
1071 unset($result[$key]);
1072 } else {
1073 $value = (int)$value;
1074 }
1075 }
1076 unset($value);
1077 if ($limit !== 0) {
1078 if ($limit < 0) {
1079 $result = array_slice($result, 0, $limit);
1080 } elseif (count($result) > $limit) {
1081 $lastElements = array_slice($result, $limit - 1);
1082 $result = array_slice($result, 0, $limit - 1);
1083 $result[] = implode($delimiter, $lastElements);
1084 }
1085 }
1086 return $result;
1087 }
1088
1089 /**
1090 * Reverse explode which explodes the string counting from behind.
1091 *
1092 * Note: The delimiter has to given in the reverse order as
1093 * it is occurring within the string.
1094 *
1095 * GeneralUtility::revExplode('[]', '[my][words][here]', 2)
1096 * ==> array('[my][words', 'here]')
1097 *
1098 * @param string $delimiter Delimiter string to explode with
1099 * @param string $string The string to explode
1100 * @param int $count Number of array entries
1101 * @return array Exploded values
1102 */
1103 public static function revExplode($delimiter, $string, $count = 0)
1104 {
1105 // 2 is the (currently, as of 2014-02) most-used value for $count in the core, therefore we check it first
1106 if ($count === 2) {
1107 $position = strrpos($string, strrev($delimiter));
1108 if ($position !== false) {
1109 return [substr($string, 0, $position), substr($string, $position + strlen($delimiter))];
1110 }
1111 return [$string];
1112 }
1113 if ($count <= 1) {
1114 return [$string];
1115 }
1116 $explodedValues = explode($delimiter, strrev($string), $count);
1117 $explodedValues = array_map('strrev', $explodedValues);
1118 return array_reverse($explodedValues);
1119 }
1120
1121 /**
1122 * Explodes a string and trims all values for whitespace in the end.
1123 * If $onlyNonEmptyValues is set, then all blank ('') values are removed.
1124 *
1125 * @param string $delim Delimiter string to explode with
1126 * @param string $string The string to explode
1127 * @param bool $removeEmptyValues If set, all empty values will be removed in output
1128 * @param int $limit If limit is set and positive, the returned array will contain a maximum of limit elements with
1129 * the last element containing the rest of string. If the limit parameter is negative, all components
1130 * except the last -limit are returned.
1131 * @return array Exploded values
1132 */
1133 public static function trimExplode($delim, $string, $removeEmptyValues = false, $limit = 0)
1134 {
1135 $result = explode($delim, $string);
1136 if ($removeEmptyValues) {
1137 $temp = [];
1138 foreach ($result as $value) {
1139 if (trim($value) !== '') {
1140 $temp[] = $value;
1141 }
1142 }
1143 $result = $temp;
1144 }
1145 if ($limit > 0 && count($result) > $limit) {
1146 $lastElements = array_splice($result, $limit - 1);
1147 $result[] = implode($delim, $lastElements);
1148 } elseif ($limit < 0) {
1149 $result = array_slice($result, 0, $limit);
1150 }
1151 $result = array_map('trim', $result);
1152 return $result;
1153 }
1154
1155 /**
1156 * Implodes a multidim-array into GET-parameters (eg. &param[key][key2]=value2&param[key][key3]=value3)
1157 *
1158 * @param string $name Name prefix for entries. Set to blank if you wish none.
1159 * @param array $theArray The (multidimensional) array to implode
1160 * @param string $str (keep blank)
1161 * @param bool $skipBlank If set, parameters which were blank strings would be removed.
1162 * @param bool $rawurlencodeParamName If set, the param name itself (for example "param[key][key2]") would be rawurlencoded as well.
1163 * @return string Imploded result, fx. &param[key][key2]=value2&param[key][key3]=value3
1164 * @see explodeUrl2Array()
1165 */
1166 public static function implodeArrayForUrl($name, array $theArray, $str = '', $skipBlank = false, $rawurlencodeParamName = false)
1167 {
1168 foreach ($theArray as $Akey => $AVal) {
1169 $thisKeyName = $name ? $name . '[' . $Akey . ']' : $Akey;
1170 if (is_array($AVal)) {
1171 $str = self::implodeArrayForUrl($thisKeyName, $AVal, $str, $skipBlank, $rawurlencodeParamName);
1172 } else {
1173 if (!$skipBlank || (string)$AVal !== '') {
1174 $str .= '&' . ($rawurlencodeParamName ? rawurlencode($thisKeyName) : $thisKeyName) . '=' . rawurlencode($AVal);
1175 }
1176 }
1177 }
1178 return $str;
1179 }
1180
1181 /**
1182 * Explodes a string with GETvars (eg. "&id=1&type=2&ext[mykey]=3") into an array.
1183 *
1184 * Note! If you want to use a multi-dimensional string, consider this plain simple PHP code instead:
1185 *
1186 * $result = [];
1187 * parse_str($queryParametersAsString, $result);
1188 *
1189 * However, if you do magic with a flat structure (e.g. keeping "ext[mykey]" as flat key in a one-dimensional array)
1190 * then this method is for you.
1191 *
1192 * @param string $string GETvars string
1193 * @param bool $multidim If set, the string will be parsed into a multidimensional array if square brackets are used in variable names (using PHP function parse_str())
1194 * @return array Array of values. All values AND keys are rawurldecoded() as they properly should be. But this means that any implosion of the array again must rawurlencode it!
1195 * @see implodeArrayForUrl()
1196 */
1197 public static function explodeUrl2Array($string, $multidim = null)
1198 {
1199 $output = [];
1200 if ($multidim) {
1201 trigger_error('GeneralUtility::explodeUrl2Array() with a multi-dimensional explode functionality will be removed in TYPO3 v10.0. is built-in PHP with "parse_str($input, $output);". Use the native PHP methods instead.', E_USER_DEPRECATED);
1202 parse_str($string, $output);
1203 } else {
1204 if ($multidim !== null) {
1205 trigger_error('GeneralUtility::explodeUrl2Array() does not need a second method argument anymore, and will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
1206 }
1207 $p = explode('&', $string);
1208 foreach ($p as $v) {
1209 if ($v !== '') {
1210 list($pK, $pV) = explode('=', $v, 2);
1211 $output[rawurldecode($pK)] = rawurldecode($pV);
1212 }
1213 }
1214 }
1215 return $output;
1216 }
1217
1218 /**
1219 * Returns an array with selected keys from incoming data.
1220 * (Better read source code if you want to find out...)
1221 *
1222 * @param string $varList List of variable/key names
1223 * @param array $getArray Array from where to get values based on the keys in $varList
1224 * @param bool $GPvarAlt If set, then \TYPO3\CMS\Core\Utility\GeneralUtility::_GP() is used to fetch the value if not found (isset) in the $getArray
1225 * @return array Output array with selected variables.
1226 */
1227 public static function compileSelectedGetVarsFromArray($varList, array $getArray, $GPvarAlt = true)
1228 {
1229 $keys = self::trimExplode(',', $varList, true);
1230 $outArr = [];
1231 foreach ($keys as $v) {
1232 if (isset($getArray[$v])) {
1233 $outArr[$v] = $getArray[$v];
1234 } elseif ($GPvarAlt) {
1235 $outArr[$v] = self::_GP($v);
1236 }
1237 }
1238 return $outArr;
1239 }
1240
1241 /**
1242 * Removes dots "." from end of a key identifier of TypoScript styled array.
1243 * array('key.' => array('property.' => 'value')) --> array('key' => array('property' => 'value'))
1244 *
1245 * @param array $ts TypoScript configuration array
1246 * @return array TypoScript configuration array without dots at the end of all keys
1247 */
1248 public static function removeDotsFromTS(array $ts)
1249 {
1250 $out = [];
1251 foreach ($ts as $key => $value) {
1252 if (is_array($value)) {
1253 $key = rtrim($key, '.');
1254 $out[$key] = self::removeDotsFromTS($value);
1255 } else {
1256 $out[$key] = $value;
1257 }
1258 }
1259 return $out;
1260 }
1261
1262 /*************************
1263 *
1264 * HTML/XML PROCESSING
1265 *
1266 *************************/
1267 /**
1268 * Returns an array with all attributes of the input HTML tag as key/value pairs. Attributes are only lowercase a-z
1269 * $tag is either a whole tag (eg '<TAG OPTION ATTRIB=VALUE>') or the parameter list (ex ' OPTION ATTRIB=VALUE>')
1270 * If an attribute is empty, then the value for the key is empty. You can check if it existed with isset()
1271 *
1272 * @param string $tag HTML-tag string (or attributes only)
1273 * @return array Array with the attribute values.
1274 */
1275 public static function get_tag_attributes($tag)
1276 {
1277 $components = self::split_tag_attributes($tag);
1278 // Attribute name is stored here
1279 $name = '';
1280 $valuemode = false;
1281 $attributes = [];
1282 foreach ($components as $key => $val) {
1283 // Only if $name is set (if there is an attribute, that waits for a value), that valuemode is enabled. This ensures that the attribute is assigned it's value
1284 if ($val !== '=') {
1285 if ($valuemode) {
1286 if ($name) {
1287 $attributes[$name] = $val;
1288 $name = '';
1289 }
1290 } else {
1291 if ($key = strtolower(preg_replace('/[^[:alnum:]_\\:\\-]/', '', $val))) {
1292 $attributes[$key] = '';
1293 $name = $key;
1294 }
1295 }
1296 $valuemode = false;
1297 } else {
1298 $valuemode = true;
1299 }
1300 }
1301 return $attributes;
1302 }
1303
1304 /**
1305 * Returns an array with the 'components' from an attribute list from an HTML tag. The result is normally analyzed by get_tag_attributes
1306 * Removes tag-name if found
1307 *
1308 * @param string $tag HTML-tag string (or attributes only)
1309 * @return array Array with the attribute values.
1310 */
1311 public static function split_tag_attributes($tag)
1312 {
1313 $tag_tmp = trim(preg_replace('/^<[^[:space:]]*/', '', trim($tag)));
1314 // Removes any > in the end of the string
1315 $tag_tmp = trim(rtrim($tag_tmp, '>'));
1316 $value = [];
1317 // Compared with empty string instead , 030102
1318 while ($tag_tmp !== '') {
1319 $firstChar = $tag_tmp[0];
1320 if ($firstChar === '"' || $firstChar === '\'') {
1321 $reg = explode($firstChar, $tag_tmp, 3);
1322 $value[] = $reg[1];
1323 $tag_tmp = trim($reg[2]);
1324 } elseif ($firstChar === '=') {
1325 $value[] = '=';
1326 // Removes = chars.
1327 $tag_tmp = trim(substr($tag_tmp, 1));
1328 } else {
1329 // There are '' around the value. We look for the next ' ' or '>'
1330 $reg = preg_split('/[[:space:]=]/', $tag_tmp, 2);
1331 $value[] = trim($reg[0]);
1332 $tag_tmp = trim(substr($tag_tmp, strlen($reg[0]), 1) . ($reg[1] ?? ''));
1333 }
1334 }
1335 reset($value);
1336 return $value;
1337 }
1338
1339 /**
1340 * Implodes attributes in the array $arr for an attribute list in eg. and HTML tag (with quotes)
1341 *
1342 * @param array $arr Array with attribute key/value pairs, eg. "bgcolor"=>"red", "border"=>0
1343 * @param bool $xhtmlSafe If set the resulting attribute list will have a) all attributes in lowercase (and duplicates weeded out, first entry taking precedence) and b) all values htmlspecialchar()'ed. It is recommended to use this switch!
1344 * @param bool $dontOmitBlankAttribs If TRUE, don't check if values are blank. Default is to omit attributes with blank values.
1345 * @return string Imploded attributes, eg. 'bgcolor="red" border="0"'
1346 */
1347 public static function implodeAttributes(array $arr, $xhtmlSafe = false, $dontOmitBlankAttribs = false)
1348 {
1349 if ($xhtmlSafe) {
1350 $newArr = [];
1351 foreach ($arr as $p => $v) {
1352 if (!isset($newArr[strtolower($p)])) {
1353 $newArr[strtolower($p)] = htmlspecialchars($v);
1354 }
1355 }
1356 $arr = $newArr;
1357 }
1358 $list = [];
1359 foreach ($arr as $p => $v) {
1360 if ((string)$v !== '' || $dontOmitBlankAttribs) {
1361 $list[] = $p . '="' . $v . '"';
1362 }
1363 }
1364 return implode(' ', $list);
1365 }
1366
1367 /**
1368 * Wraps JavaScript code XHTML ready with <script>-tags
1369 * Automatic re-indenting of the JS code is done by using the first line as indent reference.
1370 * This is nice for indenting JS code with PHP code on the same level.
1371 *
1372 * @param string $string JavaScript code
1373 * @return string The wrapped JS code, ready to put into a XHTML page
1374 */
1375 public static function wrapJS($string)
1376 {
1377 if (trim($string)) {
1378 // remove nl from the beginning
1379 $string = ltrim($string, LF);
1380 // re-ident to one tab using the first line as reference
1381 $match = [];
1382 if (preg_match('/^(\\t+)/', $string, $match)) {
1383 $string = str_replace($match[1], "\t", $string);
1384 }
1385 return '<script type="text/javascript">
1386 /*<![CDATA[*/
1387 ' . $string . '
1388 /*]]>*/
1389 </script>';
1390 }
1391 return '';
1392 }
1393
1394 /**
1395 * Parses XML input into a PHP array with associative keys
1396 *
1397 * @param string $string XML data input
1398 * @param int $depth Number of element levels to resolve the XML into an array. Any further structure will be set as XML.
1399 * @param array $parserOptions Options that will be passed to PHP's xml_parser_set_option()
1400 * @return mixed The array with the parsed structure unless the XML parser returns with an error in which case the error message string is returned.
1401 */
1402 public static function xml2tree($string, $depth = 999, $parserOptions = [])
1403 {
1404 // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
1405 $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
1406 $parser = xml_parser_create();
1407 $vals = [];
1408 $index = [];
1409 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
1410 xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 0);
1411 foreach ($parserOptions as $option => $value) {
1412 xml_parser_set_option($parser, $option, $value);
1413 }
1414 xml_parse_into_struct($parser, $string, $vals, $index);
1415 libxml_disable_entity_loader($previousValueOfEntityLoader);
1416 if (xml_get_error_code($parser)) {
1417 return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser));
1418 }
1419 xml_parser_free($parser);
1420 $stack = [[]];
1421 $stacktop = 0;
1422 $startPoint = 0;
1423 $tagi = [];
1424 foreach ($vals as $key => $val) {
1425 $type = $val['type'];
1426 // open tag:
1427 if ($type === 'open' || $type === 'complete') {
1428 $stack[$stacktop++] = $tagi;
1429 if ($depth == $stacktop) {
1430 $startPoint = $key;
1431 }
1432 $tagi = ['tag' => $val['tag']];
1433 if (isset($val['attributes'])) {
1434 $tagi['attrs'] = $val['attributes'];
1435 }
1436 if (isset($val['value'])) {
1437 $tagi['values'][] = $val['value'];
1438 }
1439 }
1440 // finish tag:
1441 if ($type === 'complete' || $type === 'close') {
1442 $oldtagi = $tagi;
1443 $tagi = $stack[--$stacktop];
1444 $oldtag = $oldtagi['tag'];
1445 unset($oldtagi['tag']);
1446 if ($depth == $stacktop + 1) {
1447 if ($key - $startPoint > 0) {
1448 $partArray = array_slice($vals, $startPoint + 1, $key - $startPoint - 1);
1449 $oldtagi['XMLvalue'] = self::xmlRecompileFromStructValArray($partArray);
1450 } else {
1451 $oldtagi['XMLvalue'] = $oldtagi['values'][0];
1452 }
1453 }
1454 $tagi['ch'][$oldtag][] = $oldtagi;
1455 unset($oldtagi);
1456 }
1457 // cdata
1458 if ($type === 'cdata') {
1459 $tagi['values'][] = $val['value'];
1460 }
1461 }
1462 return $tagi['ch'];
1463 }
1464
1465 /**
1466 * Converts a PHP array into an XML string.
1467 * The XML output is optimized for readability since associative keys are used as tag names.
1468 * This also means that only alphanumeric characters are allowed in the tag names AND only keys NOT starting with numbers (so watch your usage of keys!). However there are options you can set to avoid this problem.
1469 * Numeric keys are stored with the default tag name "numIndex" but can be overridden to other formats)
1470 * The function handles input values from the PHP array in a binary-safe way; All characters below 32 (except 9,10,13) will trigger the content to be converted to a base64-string
1471 * The PHP variable type of the data IS preserved as long as the types are strings, arrays, integers and booleans. Strings are the default type unless the "type" attribute is set.
1472 * The output XML has been tested with the PHP XML-parser and parses OK under all tested circumstances with 4.x versions. However, with PHP5 there seems to be the need to add an XML prologue a la <?xml version="1.0" encoding="[charset]" standalone="yes" ?> - otherwise UTF-8 is assumed! Unfortunately, many times the output from this function is used without adding that prologue meaning that non-ASCII characters will break the parsing!! This suchs of course! Effectively it means that the prologue should always be prepended setting the right characterset, alternatively the system should always run as utf-8!
1473 * However using MSIE to read the XML output didn't always go well: One reason could be that the character encoding is not observed in the PHP data. The other reason may be if the tag-names are invalid in the eyes of MSIE. Also using the namespace feature will make MSIE break parsing. There might be more reasons...
1474 *
1475 * @param array $array The input PHP array with any kind of data; text, binary, integers. Not objects though.
1476 * @param string $NSprefix tag-prefix, eg. a namespace prefix like "T3:"
1477 * @param int $level Current recursion level. Don't change, stay at zero!
1478 * @param string $docTag Alternative document tag. Default is "phparray".
1479 * @param int $spaceInd If greater than zero, then the number of spaces corresponding to this number is used for indenting, if less than zero - no indentation, if zero - a single TAB is used
1480 * @param array $options Options for the compilation. Key "useNindex" => 0/1 (boolean: whether to use "n0, n1, n2" for num. indexes); Key "useIndexTagForNum" => "[tag for numerical indexes]"; Key "useIndexTagForAssoc" => "[tag for associative indexes"; Key "parentTagMap" => array('parentTag' => 'thisLevelTag')
1481 * @param array $stackData Stack data. Don't touch.
1482 * @return string An XML string made from the input content in the array.
1483 * @see xml2array()
1484 */
1485 public static function array2xml(array $array, $NSprefix = '', $level = 0, $docTag = 'phparray', $spaceInd = 0, array $options = [], array $stackData = [])
1486 {
1487 // The list of byte values which will trigger binary-safe storage. If any value has one of these char values in it, it will be encoded in base64
1488 $binaryChars = "\0" . chr(1) . chr(2) . chr(3) . chr(4) . chr(5) . chr(6) . chr(7) . chr(8) . chr(11) . chr(12) . chr(14) . chr(15) . chr(16) . chr(17) . chr(18) . chr(19) . chr(20) . chr(21) . chr(22) . chr(23) . chr(24) . chr(25) . chr(26) . chr(27) . chr(28) . chr(29) . chr(30) . chr(31);
1489 // Set indenting mode:
1490 $indentChar = $spaceInd ? ' ' : "\t";
1491 $indentN = $spaceInd > 0 ? $spaceInd : 1;
1492 $nl = $spaceInd >= 0 ? LF : '';
1493 // Init output variable:
1494 $output = '';
1495 // Traverse the input array
1496 foreach ($array as $k => $v) {
1497 $attr = '';
1498 $tagName = $k;
1499 // Construct the tag name.
1500 // Use tag based on grand-parent + parent tag name
1501 if (isset($stackData['grandParentTagName'], $stackData['parentTagName'], $options['grandParentTagMap'][$stackData['grandParentTagName'] . '/' . $stackData['parentTagName']])) {
1502 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1503 $tagName = (string)$options['grandParentTagMap'][$stackData['grandParentTagName'] . '/' . $stackData['parentTagName']];
1504 } elseif (isset($stackData['parentTagName'], $options['parentTagMap'][$stackData['parentTagName'] . ':_IS_NUM']) && MathUtility::canBeInterpretedAsInteger($tagName)) {
1505 // Use tag based on parent tag name + if current tag is numeric
1506 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1507 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName'] . ':_IS_NUM'];
1508 } elseif (isset($stackData['parentTagName'], $options['parentTagMap'][$stackData['parentTagName'] . ':' . $tagName])) {
1509 // Use tag based on parent tag name + current tag
1510 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1511 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName'] . ':' . $tagName];
1512 } elseif (isset($stackData['parentTagName'], $options['parentTagMap'][$stackData['parentTagName']])) {
1513 // Use tag based on parent tag name:
1514 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1515 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName']];
1516 } elseif (MathUtility::canBeInterpretedAsInteger($tagName)) {
1517 // If integer...;
1518 if ($options['useNindex']) {
1519 // If numeric key, prefix "n"
1520 $tagName = 'n' . $tagName;
1521 } else {
1522 // Use special tag for num. keys:
1523 $attr .= ' index="' . $tagName . '"';
1524 $tagName = $options['useIndexTagForNum'] ?: 'numIndex';
1525 }
1526 } elseif (!empty($options['useIndexTagForAssoc'])) {
1527 // Use tag for all associative keys:
1528 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1529 $tagName = $options['useIndexTagForAssoc'];
1530 }
1531 // The tag name is cleaned up so only alphanumeric chars (plus - and _) are in there and not longer than 100 chars either.
1532 $tagName = substr(preg_replace('/[^[:alnum:]_-]/', '', $tagName), 0, 100);
1533 // If the value is an array then we will call this function recursively:
1534 if (is_array($v)) {
1535 // Sub elements:
1536 if (isset($options['alt_options']) && $options['alt_options'][($stackData['path'] ?? '') . '/' . $tagName]) {
1537 $subOptions = $options['alt_options'][$stackData['path'] . '/' . $tagName];
1538 $clearStackPath = $subOptions['clearStackPath'];
1539 } else {
1540 $subOptions = $options;
1541 $clearStackPath = false;
1542 }
1543 if (empty($v)) {
1544 $content = '';
1545 } else {
1546 $content = $nl . self::array2xml($v, $NSprefix, $level + 1, '', $spaceInd, $subOptions, [
1547 'parentTagName' => $tagName,
1548 'grandParentTagName' => $stackData['parentTagName'] ?? '',
1549 'path' => $clearStackPath ? '' : ($stackData['path'] ?? '') . '/' . $tagName
1550 ]) . ($spaceInd >= 0 ? str_pad('', ($level + 1) * $indentN, $indentChar) : '');
1551 }
1552 // Do not set "type = array". Makes prettier XML but means that empty arrays are not restored with xml2array
1553 if (!isset($options['disableTypeAttrib']) || (int)$options['disableTypeAttrib'] != 2) {
1554 $attr .= ' type="array"';
1555 }
1556 } else {
1557 // Just a value:
1558 // Look for binary chars:
1559 $vLen = strlen($v);
1560 // Go for base64 encoding if the initial segment NOT matching any binary char has the same length as the whole string!
1561 if ($vLen && strcspn($v, $binaryChars) != $vLen) {
1562 // If the value contained binary chars then we base64-encode it an set an attribute to notify this situation:
1563 $content = $nl . chunk_split(base64_encode($v));
1564 $attr .= ' base64="1"';
1565 } else {
1566 // Otherwise, just htmlspecialchar the stuff:
1567 $content = htmlspecialchars($v);
1568 $dType = gettype($v);
1569 if ($dType === 'string') {
1570 if (isset($options['useCDATA']) && $options['useCDATA'] && $content != $v) {
1571 $content = '<![CDATA[' . $v . ']]>';
1572 }
1573 } elseif (!$options['disableTypeAttrib']) {
1574 $attr .= ' type="' . $dType . '"';
1575 }
1576 }
1577 }
1578 if ((string)$tagName !== '') {
1579 // Add the element to the output string:
1580 $output .= ($spaceInd >= 0 ? str_pad('', ($level + 1) * $indentN, $indentChar) : '')
1581 . '<' . $NSprefix . $tagName . $attr . '>' . $content . '</' . $NSprefix . $tagName . '>' . $nl;
1582 }
1583 }
1584 // If we are at the outer-most level, then we finally wrap it all in the document tags and return that as the value:
1585 if (!$level) {
1586 $output = '<' . $docTag . '>' . $nl . $output . '</' . $docTag . '>';
1587 }
1588 return $output;
1589 }
1590
1591 /**
1592 * Converts an XML string to a PHP array.
1593 * This is the reverse function of array2xml()
1594 * This is a wrapper for xml2arrayProcess that adds a two-level cache
1595 *
1596 * @param string $string XML content to convert into an array
1597 * @param string $NSprefix The tag-prefix resolve, eg. a namespace like "T3:"
1598 * @param bool $reportDocTag If set, the document tag will be set in the key "_DOCUMENT_TAG" of the output array
1599 * @return mixed If the parsing had errors, a string with the error message is returned. Otherwise an array with the content.
1600 * @see array2xml(),xml2arrayProcess()
1601 */
1602 public static function xml2array($string, $NSprefix = '', $reportDocTag = false)
1603 {
1604 $runtimeCache = static::makeInstance(CacheManager::class)->getCache('cache_runtime');
1605 $firstLevelCache = $runtimeCache->get('generalUtilityXml2Array') ?: [];
1606 $identifier = md5($string . $NSprefix . ($reportDocTag ? '1' : '0'));
1607 // Look up in first level cache
1608 if (empty($firstLevelCache[$identifier])) {
1609 $firstLevelCache[$identifier] = self::xml2arrayProcess(trim($string), $NSprefix, $reportDocTag);
1610 $runtimeCache->set('generalUtilityXml2Array', $firstLevelCache);
1611 }
1612 return $firstLevelCache[$identifier];
1613 }
1614
1615 /**
1616 * Converts an XML string to a PHP array.
1617 * This is the reverse function of array2xml()
1618 *
1619 * @param string $string XML content to convert into an array
1620 * @param string $NSprefix The tag-prefix resolve, eg. a namespace like "T3:"
1621 * @param bool $reportDocTag If set, the document tag will be set in the key "_DOCUMENT_TAG" of the output array
1622 * @return mixed If the parsing had errors, a string with the error message is returned. Otherwise an array with the content.
1623 * @see array2xml()
1624 */
1625 protected static function xml2arrayProcess($string, $NSprefix = '', $reportDocTag = false)
1626 {
1627 // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
1628 $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
1629 // Create parser:
1630 $parser = xml_parser_create();
1631 $vals = [];
1632 $index = [];
1633 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
1634 xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 0);
1635 // Default output charset is UTF-8, only ASCII, ISO-8859-1 and UTF-8 are supported!!!
1636 $match = [];
1637 preg_match('/^[[:space:]]*<\\?xml[^>]*encoding[[:space:]]*=[[:space:]]*"([^"]*)"/', substr($string, 0, 200), $match);
1638 $theCharset = $match[1] ?? 'utf-8';
1639 // us-ascii / utf-8 / iso-8859-1
1640 xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $theCharset);
1641 // Parse content:
1642 xml_parse_into_struct($parser, $string, $vals, $index);
1643 libxml_disable_entity_loader($previousValueOfEntityLoader);
1644 // If error, return error message:
1645 if (xml_get_error_code($parser)) {
1646 return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser));
1647 }
1648 xml_parser_free($parser);
1649 // Init vars:
1650 $stack = [[]];
1651 $stacktop = 0;
1652 $current = [];
1653 $tagName = '';
1654 $documentTag = '';
1655 // Traverse the parsed XML structure:
1656 foreach ($vals as $key => $val) {
1657 // First, process the tag-name (which is used in both cases, whether "complete" or "close")
1658 $tagName = $val['tag'];
1659 if (!$documentTag) {
1660 $documentTag = $tagName;
1661 }
1662 // Test for name space:
1663 $tagName = $NSprefix && strpos($tagName, $NSprefix) === 0 ? substr($tagName, strlen($NSprefix)) : $tagName;
1664 // Test for numeric tag, encoded on the form "nXXX":
1665 $testNtag = substr($tagName, 1);
1666 // Closing tag.
1667 $tagName = $tagName[0] === 'n' && MathUtility::canBeInterpretedAsInteger($testNtag) ? (int)$testNtag : $tagName;
1668 // Test for alternative index value:
1669 if ((string)($val['attributes']['index'] ?? '') !== '') {
1670 $tagName = $val['attributes']['index'];
1671 }
1672 // Setting tag-values, manage stack:
1673 switch ($val['type']) {
1674 case 'open':
1675 // If open tag it means there is an array stored in sub-elements. Therefore increase the stackpointer and reset the accumulation array:
1676 // Setting blank place holder
1677 $current[$tagName] = [];
1678 $stack[$stacktop++] = $current;
1679 $current = [];
1680 break;
1681 case 'close':
1682 // If the tag is "close" then it is an array which is closing and we decrease the stack pointer.
1683 $oldCurrent = $current;
1684 $current = $stack[--$stacktop];
1685 // Going to the end of array to get placeholder key, key($current), and fill in array next:
1686 end($current);
1687 $current[key($current)] = $oldCurrent;
1688 unset($oldCurrent);
1689 break;
1690 case 'complete':
1691 // If "complete", then it's a value. If the attribute "base64" is set, then decode the value, otherwise just set it.
1692 if (!empty($val['attributes']['base64'])) {
1693 $current[$tagName] = base64_decode($val['value']);
1694 } else {
1695 // Had to cast it as a string - otherwise it would be evaluate FALSE if tested with isset()!!
1696 $current[$tagName] = (string)($val['value'] ?? '');
1697 // Cast type:
1698 switch ((string)($val['attributes']['type'] ?? '')) {
1699 case 'integer':
1700 $current[$tagName] = (int)$current[$tagName];
1701 break;
1702 case 'double':
1703 $current[$tagName] = (double)$current[$tagName];
1704 break;
1705 case 'boolean':
1706 $current[$tagName] = (bool)$current[$tagName];
1707 break;
1708 case 'NULL':
1709 $current[$tagName] = null;
1710 break;
1711 case 'array':
1712 // MUST be an empty array since it is processed as a value; Empty arrays would end up here because they would have no tags inside...
1713 $current[$tagName] = [];
1714 break;
1715 }
1716 }
1717 break;
1718 }
1719 }
1720 if ($reportDocTag) {
1721 $current[$tagName]['_DOCUMENT_TAG'] = $documentTag;
1722 }
1723 // Finally return the content of the document tag.
1724 return $current[$tagName];
1725 }
1726
1727 /**
1728 * This implodes an array of XML parts (made with xml_parse_into_struct()) into XML again.
1729 *
1730 * @param array $vals An array of XML parts, see xml2tree
1731 * @return string Re-compiled XML data.
1732 */
1733 public static function xmlRecompileFromStructValArray(array $vals)
1734 {
1735 $XMLcontent = '';
1736 foreach ($vals as $val) {
1737 $type = $val['type'];
1738 // Open tag:
1739 if ($type === 'open' || $type === 'complete') {
1740 $XMLcontent .= '<' . $val['tag'];
1741 if (isset($val['attributes'])) {
1742 foreach ($val['attributes'] as $k => $v) {
1743 $XMLcontent .= ' ' . $k . '="' . htmlspecialchars($v) . '"';
1744 }
1745 }
1746 if ($type === 'complete') {
1747 if (isset($val['value'])) {
1748 $XMLcontent .= '>' . htmlspecialchars($val['value']) . '</' . $val['tag'] . '>';
1749 } else {
1750 $XMLcontent .= '/>';
1751 }
1752 } else {
1753 $XMLcontent .= '>';
1754 }
1755 if ($type === 'open' && isset($val['value'])) {
1756 $XMLcontent .= htmlspecialchars($val['value']);
1757 }
1758 }
1759 // Finish tag:
1760 if ($type === 'close') {
1761 $XMLcontent .= '</' . $val['tag'] . '>';
1762 }
1763 // Cdata
1764 if ($type === 'cdata') {
1765 $XMLcontent .= htmlspecialchars($val['value']);
1766 }
1767 }
1768 return $XMLcontent;
1769 }
1770
1771 /**
1772 * Minifies JavaScript
1773 *
1774 * @param string $script Script to minify
1775 * @param string $error Error message (if any)
1776 * @return string Minified script or source string if error happened
1777 */
1778 public static function minifyJavaScript($script, &$error = '')
1779 {
1780 $fakeThis = false;
1781 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_div.php']['minifyJavaScript'] ?? [] as $hookMethod) {
1782 try {
1783 $parameters = ['script' => $script];
1784 $script = static::callUserFunction($hookMethod, $parameters, $fakeThis);
1785 } catch (\Exception $e) {
1786 $errorMessage = 'Error minifying java script: ' . $e->getMessage();
1787 $error .= $errorMessage;
1788 static::getLogger()->warning($errorMessage, [
1789 'JavaScript' => $script,
1790 'hook' => $hookMethod,
1791 'exception' => $e,
1792 ]);
1793 }
1794 }
1795 return $script;
1796 }
1797
1798 /*************************
1799 *
1800 * FILES FUNCTIONS
1801 *
1802 *************************/
1803 /**
1804 * Reads the file or url $url and returns the content
1805 * If you are having trouble with proxies when reading URLs you can configure your way out of that with settings within $GLOBALS['TYPO3_CONF_VARS']['HTTP'].
1806 *
1807 * @param string $url File/URL to read
1808 * @param int $includeHeader Whether the HTTP header should be fetched or not. 0=disable, 1=fetch header+content, 2=fetch header only
1809 * @param array $requestHeaders HTTP headers to be used in the request
1810 * @param array $report Error code/message and, if $includeHeader is 1, response meta data (HTTP status and content type)
1811 * @return mixed The content from the resource given as input. FALSE if an error has occurred.
1812 */
1813 public static function getUrl($url, $includeHeader = 0, $requestHeaders = null, &$report = null)
1814 {
1815 if (isset($report)) {
1816 $report['error'] = 0;
1817 $report['message'] = '';
1818 }
1819 // Looks like it's an external file, use Guzzle by default
1820 if (preg_match('/^(?:http|ftp)s?|s(?:ftp|cp):/', $url)) {
1821 /** @var RequestFactory $requestFactory */
1822 $requestFactory = static::makeInstance(RequestFactory::class);
1823 if (is_array($requestHeaders)) {
1824 // Check is $requestHeaders is an associative array or not
1825 if (count(array_filter(array_keys($requestHeaders), 'is_string')) === 0) {
1826 trigger_error('Request headers as colon-separated string will stop working in TYPO3 v10.0, use an associative array instead.', E_USER_DEPRECATED);
1827 // Convert cURL style lines of headers to Guzzle key/value(s) pairs.
1828 $requestHeaders = static::splitHeaderLines($requestHeaders);
1829 }
1830 $configuration = ['headers' => $requestHeaders];
1831 } else {
1832 $configuration = [];
1833 }
1834 $includeHeader = (int)$includeHeader;
1835 $method = $includeHeader === 2 ? 'HEAD' : 'GET';
1836 try {
1837 if (isset($report)) {
1838 $report['lib'] = 'GuzzleHttp';
1839 }
1840 $response = $requestFactory->request($url, $method, $configuration);
1841 } catch (RequestException $exception) {
1842 if (isset($report)) {
1843 $report['error'] = $exception->getCode() ?: 1518707554;
1844 $report['message'] = $exception->getMessage();
1845 $report['exception'] = $exception;
1846 }
1847 return false;
1848 }
1849 $content = '';
1850 // Add the headers to the output
1851 if ($includeHeader) {
1852 $parsedURL = parse_url($url);
1853 $content = $method . ' ' . ($parsedURL['path'] ?? '/')
1854 . (!empty($parsedURL['query']) ? '?' . $parsedURL['query'] : '') . ' HTTP/1.0' . CRLF
1855 . 'Host: ' . $parsedURL['host'] . CRLF
1856 . 'Connection: close' . CRLF;
1857 if (is_array($requestHeaders)) {
1858 $content .= implode(CRLF, $requestHeaders) . CRLF;
1859 }
1860 foreach ($response->getHeaders() as $headerName => $headerValues) {
1861 $content .= $headerName . ': ' . implode(', ', $headerValues) . CRLF;
1862 }
1863 // Headers are separated from the body with two CRLFs
1864 $content .= CRLF;
1865 }
1866
1867 $content .= $response->getBody()->getContents();
1868
1869 if (isset($report)) {
1870 if ($response->getStatusCode() >= 300 && $response->getStatusCode() < 400) {
1871 $report['http_code'] = $response->getStatusCode();
1872 $report['content_type'] = $response->getHeaderLine('Content-Type');
1873 $report['error'] = $response->getStatusCode();
1874 $report['message'] = $response->getReasonPhrase();
1875 } elseif (empty($content)) {
1876 $report['error'] = $response->getStatusCode();
1877 $report['message'] = $response->getReasonPhrase();
1878 } elseif ($includeHeader) {
1879 // Set only for $includeHeader to work exactly like PHP variant
1880 $report['http_code'] = $response->getStatusCode();
1881 $report['content_type'] = $response->getHeaderLine('Content-Type');
1882 }
1883 }
1884 } else {
1885 if (isset($report)) {
1886 $report['lib'] = 'file';
1887 }
1888 $content = @file_get_contents($url);
1889 if ($content === false && isset($report)) {
1890 $report['error'] = -1;
1891 $report['message'] = 'Couldn\'t get URL: ' . $url;
1892 }
1893 }
1894 return $content;
1895 }
1896
1897 /**
1898 * Split an array of MIME header strings into an associative array.
1899 * Multiple headers with the same name have their values merged as an array.
1900 *
1901 * @static
1902 * @param array $headers List of headers, eg. ['Foo: Bar', 'Foo: Baz']
1903 * @return array Key/Value(s) pairs of headers, eg. ['Foo' => ['Bar', 'Baz']]
1904 */
1905 protected static function splitHeaderLines(array $headers): array
1906 {
1907 $newHeaders = [];
1908 foreach ($headers as $header) {
1909 $parts = preg_split('/:[ \t]*/', $header, 2, PREG_SPLIT_NO_EMPTY);
1910 if (count($parts) !== 2) {
1911 continue;
1912 }
1913 $key = &$parts[0];
1914 $value = &$parts[1];
1915 if (array_key_exists($key, $newHeaders)) {
1916 if (is_array($newHeaders[$key])) {
1917 $newHeaders[$key][] = $value;
1918 } else {
1919 $prevValue = &$newHeaders[$key];
1920 $newHeaders[$key] = [$prevValue, $value];
1921 }
1922 } else {
1923 $newHeaders[$key] = $value;
1924 }
1925 }
1926 return $newHeaders;
1927 }
1928
1929 /**
1930 * Writes $content to the file $file
1931 *
1932 * @param string $file Filepath to write to
1933 * @param string $content Content to write
1934 * @param bool $changePermissions If TRUE, permissions are forced to be set
1935 * @return bool TRUE if the file was successfully opened and written to.
1936 */
1937 public static function writeFile($file, $content, $changePermissions = false)
1938 {
1939 if (!@is_file($file)) {
1940 $changePermissions = true;
1941 }
1942 if ($fd = fopen($file, 'wb')) {
1943 $res = fwrite($fd, $content);
1944 fclose($fd);
1945 if ($res === false) {
1946 return false;
1947 }
1948 // Change the permissions only if the file has just been created
1949 if ($changePermissions) {
1950 static::fixPermissions($file);
1951 }
1952 return true;
1953 }
1954 return false;
1955 }
1956
1957 /**
1958 * Sets the file system mode and group ownership of a file or a folder.
1959 *
1960 * @param string $path Path of file or folder, must not be escaped. Path can be absolute or relative
1961 * @param bool $recursive If set, also fixes permissions of files and folders in the folder (if $path is a folder)
1962 * @return mixed TRUE on success, FALSE on error, always TRUE on Windows OS
1963 */
1964 public static function fixPermissions($path, $recursive = false)
1965 {
1966 if (Environment::isWindows()) {
1967 return true;
1968 }
1969 $result = false;
1970 // Make path absolute
1971 if (!static::isAbsPath($path)) {
1972 $path = static::getFileAbsFileName($path);
1973 }
1974 if (static::isAllowedAbsPath($path)) {
1975 if (@is_file($path)) {
1976 $targetPermissions = $GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'] ?? '0644';
1977 } elseif (@is_dir($path)) {
1978 $targetPermissions = $GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'] ?? '0755';
1979 }
1980 if (!empty($targetPermissions)) {
1981 // make sure it's always 4 digits
1982 $targetPermissions = str_pad($targetPermissions, 4, 0, STR_PAD_LEFT);
1983 $targetPermissions = octdec($targetPermissions);
1984 // "@" is there because file is not necessarily OWNED by the user
1985 $result = @chmod($path, $targetPermissions);
1986 }
1987 // Set createGroup if not empty
1988 if (
1989 isset($GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'])
1990 && $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'] !== ''
1991 ) {
1992 // "@" is there because file is not necessarily OWNED by the user
1993 $changeGroupResult = @chgrp($path, $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup']);
1994 $result = $changeGroupResult ? $result : false;
1995 }
1996 // Call recursive if recursive flag if set and $path is directory
1997 if ($recursive && @is_dir($path)) {
1998 $handle = opendir($path);
1999 if (is_resource($handle)) {
2000 while (($file = readdir($handle)) !== false) {
2001 $recursionResult = null;
2002 if ($file !== '.' && $file !== '..') {
2003 if (@is_file($path . '/' . $file)) {
2004 $recursionResult = static::fixPermissions($path . '/' . $file);
2005 } elseif (@is_dir($path . '/' . $file)) {
2006 $recursionResult = static::fixPermissions($path . '/' . $file, true);
2007 }
2008 if (isset($recursionResult) && !$recursionResult) {
2009 $result = false;
2010 }
2011 }
2012 }
2013 closedir($handle);
2014 }
2015 }
2016 }
2017 return $result;
2018 }
2019
2020 /**
2021 * Writes $content to a filename in the typo3temp/ folder (and possibly one or two subfolders...)
2022 * Accepts an additional subdirectory in the file path!
2023 *
2024 * @param string $filepath Absolute file path to write within the typo3temp/ or Environment::getVarPath() folder - the file path must be prefixed with this path
2025 * @param string $content Content string to write
2026 * @return string Returns NULL on success, otherwise an error string telling about the problem.
2027 */
2028 public static function writeFileToTypo3tempDir($filepath, $content)
2029 {
2030 // Parse filepath into directory and basename:
2031 $fI = pathinfo($filepath);
2032 $fI['dirname'] .= '/';
2033 // Check parts:
2034 if (!static::validPathStr($filepath) || !$fI['basename'] || strlen($fI['basename']) >= 60) {
2035 return 'Input filepath "' . $filepath . '" was generally invalid!';
2036 }
2037
2038 // Setting main temporary directory name (standard)
2039 $allowedPathPrefixes = [
2040 Environment::getPublicPath() . '/typo3temp' => 'Environment::getPublicPath() + "/typo3temp/"'
2041 ];
2042 // Also allow project-path + /var/
2043 if (Environment::getVarPath() !== Environment::getPublicPath() . '/typo3temp/var') {
2044 $relPath = substr(Environment::getVarPath(), strlen(Environment::getProjectPath()) + 1);
2045 $allowedPathPrefixes[Environment::getVarPath()] = 'ProjectPath + ' . $relPath;
2046 }
2047
2048 $errorMessage = null;
2049 foreach ($allowedPathPrefixes as $pathPrefix => $prefixLabel) {
2050 $dirName = $pathPrefix . '/';
2051 // Invalid file path, let's check for the other path, if it exists
2052 if (!static::isFirstPartOfStr($fI['dirname'], $dirName)) {
2053 if ($errorMessage === null) {
2054 $errorMessage = '"' . $fI['dirname'] . '" was not within directory ' . $prefixLabel;
2055 }
2056 continue;
2057 }
2058 // This resets previous error messages from the first path
2059 $errorMessage = null;
2060
2061 if (!@is_dir($dirName)) {
2062 $errorMessage = $prefixLabel . ' was not a directory!';
2063 // continue and see if the next iteration resets the errorMessage above
2064 continue;
2065 }
2066 // Checking if the "subdir" is found
2067 $subdir = substr($fI['dirname'], strlen($dirName));
2068 if ($subdir) {
2069 if (preg_match('#^(?:[[:alnum:]_]+/)+$#', $subdir)) {
2070 $dirName .= $subdir;
2071 if (!@is_dir($dirName)) {
2072 static::mkdir_deep($pathPrefix . '/' . $subdir);
2073 }
2074 } else {
2075 $errorMessage = 'Subdir, "' . $subdir . '", was NOT on the form "[[:alnum:]_]/+"';
2076 break;
2077 }
2078 }
2079 // Checking dir-name again (sub-dir might have been created)
2080 if (@is_dir($dirName)) {
2081 if ($filepath === $dirName . $fI['basename']) {
2082 static::writeFile($filepath, $content);
2083 if (!@is_file($filepath)) {
2084 $errorMessage = 'The file was not written to the disk. Please, check that you have write permissions to the ' . $prefixLabel . ' directory.';
2085 break;
2086 }
2087 } else {
2088 $errorMessage = 'Calculated file location didn\'t match input "' . $filepath . '".';
2089 break;
2090 }
2091 } else {
2092 $errorMessage = '"' . $dirName . '" is not a directory!';
2093 break;
2094 }
2095 }
2096 return $errorMessage;
2097 }
2098
2099 /**
2100 * Wrapper function for mkdir.
2101 * Sets folder permissions according to $GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']
2102 * and group ownership according to $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup']
2103 *
2104 * @param string $newFolder Absolute path to folder, see PHP mkdir() function. Removes trailing slash internally.
2105 * @return bool TRUE if @mkdir went well!
2106 */
2107 public static function mkdir($newFolder)
2108 {
2109 $result = @mkdir($newFolder, octdec($GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']));
2110 if ($result) {
2111 static::fixPermissions($newFolder);
2112 }
2113 return $result;
2114 }
2115
2116 /**
2117 * Creates a directory - including parent directories if necessary and
2118 * sets permissions on newly created directories.
2119 *
2120 * @param string $directory Target directory to create. Must a have trailing slash
2121 * @param string $deepDirectory Directory to create. This second parameter is deprecated since TYPO3 v9, and will be removed in TYPO3 v10.0.
2122 * @throws \InvalidArgumentException If $directory or $deepDirectory are not strings
2123 * @throws \RuntimeException If directory could not be created
2124 */
2125 public static function mkdir_deep($directory, $deepDirectory = '')
2126 {
2127 if (!is_string($directory)) {
2128 throw new \InvalidArgumentException('The specified directory is of type "' . gettype($directory) . '" but a string is expected.', 1303662955);
2129 }
2130 if (!is_string($deepDirectory)) {
2131 throw new \InvalidArgumentException('The specified directory is of type "' . gettype($deepDirectory) . '" but a string is expected.', 1303662956);
2132 }
2133 // Ensure there is only one slash
2134 $fullPath = rtrim($directory, '/') . '/';
2135 if ($deepDirectory !== '') {
2136 trigger_error('Second argument $deepDirectory of GeneralUtility::mkdir_deep() will be removed in TYPO3 v10.0, use a combined string as first argument instead.', E_USER_DEPRECATED);
2137 $fullPath .= ltrim($deepDirectory, '/');
2138 }
2139 if ($fullPath !== '/' && !is_dir($fullPath)) {
2140 $firstCreatedPath = static::createDirectoryPath($fullPath);
2141 if ($firstCreatedPath !== '') {
2142 static::fixPermissions($firstCreatedPath, true);
2143 }
2144 }
2145 }
2146
2147 /**
2148 * Creates directories for the specified paths if they do not exist. This
2149 * functions sets proper permission mask but does not set proper user and
2150 * group.
2151 *
2152 * @static
2153 * @param string $fullDirectoryPath
2154 * @return string Path to the the first created directory in the hierarchy
2155 * @see \TYPO3\CMS\Core\Utility\GeneralUtility::mkdir_deep
2156 * @throws \RuntimeException If directory could not be created
2157 */
2158 protected static function createDirectoryPath($fullDirectoryPath)
2159 {
2160 $currentPath = $fullDirectoryPath;
2161 $firstCreatedPath = '';
2162 $permissionMask = octdec($GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']);
2163 if (!@is_dir($currentPath)) {
2164 do {
2165 $firstCreatedPath = $currentPath;
2166 $separatorPosition = strrpos($currentPath, DIRECTORY_SEPARATOR);
2167 $currentPath = substr($currentPath, 0, $separatorPosition);
2168 } while (!is_dir($currentPath) && $separatorPosition !== false);
2169 $result = @mkdir($fullDirectoryPath, $permissionMask, true);
2170 // Check existence of directory again to avoid race condition. Directory could have get created by another process between previous is_dir() and mkdir()
2171 if (!$result && !@is_dir($fullDirectoryPath)) {
2172 throw new \RuntimeException('Could not create directory "' . $fullDirectoryPath . '"!', 1170251401);
2173 }
2174 }
2175 return $firstCreatedPath;
2176 }
2177
2178 /**
2179 * Wrapper function for rmdir, allowing recursive deletion of folders and files
2180 *
2181 * @param string $path Absolute path to folder, see PHP rmdir() function. Removes trailing slash internally.
2182 * @param bool $removeNonEmpty Allow deletion of non-empty directories
2183 * @return bool TRUE if @rmdir went well!
2184 */
2185 public static function rmdir($path, $removeNonEmpty = false)
2186 {
2187 $OK = false;
2188 // Remove trailing slash
2189 $path = preg_replace('|/$|', '', $path);
2190 $isWindows = DIRECTORY_SEPARATOR === '\\';
2191 if (file_exists($path)) {
2192 $OK = true;
2193 if (!is_link($path) && is_dir($path)) {
2194 if ($removeNonEmpty == true && ($handle = @opendir($path))) {
2195 while ($OK && false !== ($file = readdir($handle))) {
2196 if ($file === '.' || $file === '..') {
2197 continue;
2198 }
2199 $OK = static::rmdir($path . '/' . $file, $removeNonEmpty);
2200 }
2201 closedir($handle);
2202 }
2203 if ($OK) {
2204 $OK = @rmdir($path);
2205 }
2206 } elseif (is_link($path) && is_dir($path) && $isWindows) {
2207 $OK = @rmdir($path);
2208 } else {
2209 // If $path is a file, simply remove it
2210 $OK = @unlink($path);
2211 }
2212 clearstatcache();
2213 } elseif (is_link($path)) {
2214 $OK = @unlink($path);
2215 if (!$OK && $isWindows) {
2216 // Try to delete dead folder links on Windows systems
2217 $OK = @rmdir($path);
2218 }
2219 clearstatcache();
2220 }
2221 return $OK;
2222 }
2223
2224 /**
2225 * Flushes a directory by first moving to a temporary resource, and then
2226 * triggering the remove process. This way directories can be flushed faster
2227 * to prevent race conditions on concurrent processes accessing the same directory.
2228 *
2229 * @param string $directory The directory to be renamed and flushed
2230 * @param bool $keepOriginalDirectory Whether to only empty the directory and not remove it
2231 * @param bool $flushOpcodeCache Also flush the opcode cache right after renaming the directory.
2232 * @return bool Whether the action was successful
2233 */
2234 public static function flushDirectory($directory, $keepOriginalDirectory = false, $flushOpcodeCache = false)
2235 {
2236 $result = false;
2237
2238 if (is_dir($directory)) {
2239 $temporaryDirectory = rtrim($directory, '/') . '.' . StringUtility::getUniqueId('remove') . '/';
2240 if (rename($directory, $temporaryDirectory)) {
2241 if ($flushOpcodeCache) {
2242 self::makeInstance(OpcodeCacheService::class)->clearAllActive($directory);
2243 }
2244 if ($keepOriginalDirectory) {
2245 static::mkdir($directory);
2246 }
2247 clearstatcache();
2248 $result = static::rmdir($temporaryDirectory, true);
2249 }
2250 }
2251
2252 return $result;
2253 }
2254
2255 /**
2256 * Returns an array with the names of folders in a specific path
2257 * Will return 'error' (string) if there were an error with reading directory content.
2258 *
2259 * @param string $path Path to list directories from
2260 * @return array Returns an array with the directory entries as values. If no path, the return value is nothing.
2261 */
2262 public static function get_dirs($path)
2263 {
2264 $dirs = null;
2265 if ($path) {
2266 if (is_dir($path)) {
2267 $dir = scandir($path);
2268 $dirs = [];
2269 foreach ($dir as $entry) {
2270 if (is_dir($path . '/' . $entry) && $entry !== '..' && $entry !== '.') {
2271 $dirs[] = $entry;
2272 }
2273 }
2274 } else {
2275 $dirs = 'error';
2276 }
2277 }
2278 return $dirs;
2279 }
2280
2281 /**
2282 * Finds all files in a given path and returns them as an array. Each
2283 * array key is a md5 hash of the full path to the file. This is done because
2284 * 'some' extensions like the import/export extension depend on this.
2285 *
2286 * @param string $path The path to retrieve the files from.
2287 * @param string $extensionList A comma-separated list of file extensions. Only files of the specified types will be retrieved. When left blank, files of any type will be retrieved.
2288 * @param bool $prependPath If TRUE, the full path to the file is returned. If FALSE only the file name is returned.
2289 * @param string $order The sorting order. The default sorting order is alphabetical. Setting $order to 'mtime' will sort the files by modification time.
2290 * @param string $excludePattern A regular expression pattern of file names to exclude. For example: 'clear.gif' or '(clear.gif|.htaccess)'. The pattern will be wrapped with: '/^' and '$/'.
2291 * @return array|string Array of the files found, or an error message in case the path could not be opened.
2292 */
2293 public static function getFilesInDir($path, $extensionList = '', $prependPath = false, $order = '', $excludePattern = '')
2294 {
2295 $excludePattern = (string)$excludePattern;
2296 $path = rtrim($path, '/');
2297 if (!@is_dir($path)) {
2298 return [];
2299 }
2300
2301 $rawFileList = scandir($path);
2302 if ($rawFileList === false) {
2303 return 'error opening path: "' . $path . '"';
2304 }
2305
2306 $pathPrefix = $path . '/';
2307 $allowedFileExtensionArray = self::trimExplode(',', $extensionList);
2308 $extensionList = ',' . str_replace(' ', '', $extensionList) . ',';
2309 $files = [];
2310 foreach ($rawFileList as $entry) {
2311 $completePathToEntry = $pathPrefix . $entry;
2312 if (!@is_file($completePathToEntry)) {
2313 continue;
2314 }
2315
2316 foreach ($allowedFileExtensionArray as $allowedFileExtension) {
2317 if (
2318 ($extensionList === ',,' || stripos($extensionList, ',' . substr($entry, strlen($allowedFileExtension) * -1, strlen($allowedFileExtension)) . ',') !== false)
2319 && ($excludePattern === '' || !preg_match('/^' . $excludePattern . '$/', $entry))
2320 ) {
2321 if ($order !== 'mtime') {
2322 $files[] = $entry;
2323 } else {
2324 // Store the value in the key so we can do a fast asort later.
2325 $files[$entry] = filemtime($completePathToEntry);
2326 }
2327 }
2328 }
2329 }
2330
2331 $valueName = 'value';
2332 if ($order === 'mtime') {
2333 asort($files);
2334 $valueName = 'key';
2335 }
2336
2337 $valuePathPrefix = $prependPath ? $pathPrefix : '';
2338 $foundFiles = [];
2339 foreach ($files as $key => $value) {
2340 // Don't change this ever - extensions may depend on the fact that the hash is an md5 of the path! (import/export extension)
2341 $foundFiles[md5($pathPrefix . ${$valueName})] = $valuePathPrefix . ${$valueName};
2342 }
2343
2344 return $foundFiles;
2345 }
2346
2347 /**
2348 * Recursively gather all files and folders of a path.
2349 *
2350 * @param array $fileArr Empty input array (will have files added to it)
2351 * @param string $path The path to read recursively from (absolute) (include trailing slash!)
2352 * @param string $extList Comma list of file extensions: Only files with extensions in this list (if applicable) will be selected.
2353 * @param bool $regDirs If set, directories are also included in output.
2354 * @param int $recursivityLevels The number of levels to dig down...
2355 * @param string $excludePattern regex pattern of files/directories to exclude
2356 * @return array An array with the found files/directories.
2357 */
2358 public static function getAllFilesAndFoldersInPath(array $fileArr, $path, $extList = '', $regDirs = false, $recursivityLevels = 99, $excludePattern = '')
2359 {
2360 if ($regDirs) {
2361 $fileArr[md5($path)] = $path;
2362 }
2363 $fileArr = array_merge($fileArr, self::getFilesInDir($path, $extList, 1, 1, $excludePattern));
2364 $dirs = self::get_dirs($path);
2365 if ($recursivityLevels > 0 && is_array($dirs)) {
2366 foreach ($dirs as $subdirs) {
2367 if ((string)$subdirs !== '' && ($excludePattern === '' || !preg_match('/^' . $excludePattern . '$/', $subdirs))) {
2368 $fileArr = self::getAllFilesAndFoldersInPath($fileArr, $path . $subdirs . '/', $extList, $regDirs, $recursivityLevels - 1, $excludePattern);
2369 }
2370 }
2371 }
2372 return $fileArr;
2373 }
2374
2375 /**
2376 * Removes the absolute part of all files/folders in fileArr
2377 *
2378 * @param array $fileArr The file array to remove the prefix from
2379 * @param string $prefixToRemove The prefix path to remove (if found as first part of string!)
2380 * @return array|string The input $fileArr processed, or a string with an error message, when an error occurred.
2381 */
2382 public static function removePrefixPathFromList(array $fileArr, $prefixToRemove)
2383 {
2384 foreach ($fileArr as $k => &$absFileRef) {
2385 if (self::isFirstPartOfStr($absFileRef, $prefixToRemove)) {
2386 $absFileRef = substr($absFileRef, strlen($prefixToRemove));
2387 } else {
2388 return 'ERROR: One or more of the files was NOT prefixed with the prefix-path!';
2389 }
2390 }
2391 unset($absFileRef);
2392 return $fileArr;
2393 }
2394
2395 /**
2396 * Fixes a path for windows-backslashes and reduces double-slashes to single slashes
2397 *
2398 * @param string $theFile File path to process
2399 * @return string
2400 */
2401 public static function fixWindowsFilePath($theFile)
2402 {
2403 return str_replace(['\\', '//'], '/', $theFile);
2404 }
2405
2406 /**
2407 * Resolves "../" sections in the input path string.
2408 * For example "fileadmin/directory/../other_directory/" will be resolved to "fileadmin/other_directory/"
2409 *
2410 * @param string $pathStr File path in which "/../" is resolved
2411 * @return string
2412 */
2413 public static function resolveBackPath($pathStr)
2414 {
2415 if (strpos($pathStr, '..') === false) {
2416 return $pathStr;
2417 }
2418 $parts = explode('/', $pathStr);
2419 $output = [];
2420 $c = 0;
2421 foreach ($parts as $part) {
2422 if ($part === '..') {
2423 if ($c) {
2424 array_pop($output);
2425 --$c;
2426 } else {
2427 $output[] = $part;
2428 }
2429 } else {
2430 ++$c;
2431 $output[] = $part;
2432 }
2433 }
2434 return implode('/', $output);
2435 }
2436
2437 /**
2438 * Prefixes a URL used with 'header-location' with 'http://...' depending on whether it has it already.
2439 * - If already having a scheme, nothing is prepended
2440 * - If having REQUEST_URI slash '/', then prefixing 'http://[host]' (relative to host)
2441 * - Otherwise prefixed with TYPO3_REQUEST_DIR (relative to current dir / TYPO3_REQUEST_DIR)
2442 *
2443 * @param string $path URL / path to prepend full URL addressing to.
2444 * @return string
2445 */
2446 public static function locationHeaderUrl($path)
2447 {
2448 if (strpos($path, '//') === 0) {
2449 return $path;
2450 }
2451
2452 // relative to HOST
2453 if (strpos($path, '/') === 0) {
2454 return self::getIndpEnv('TYPO3_REQUEST_HOST') . $path;
2455 }
2456
2457 $urlComponents = parse_url($path);
2458 if (!($urlComponents['scheme'] ?? false)) {
2459 // No scheme either
2460 return self::getIndpEnv('TYPO3_REQUEST_DIR') . $path;
2461 }
2462
2463 return $path;
2464 }
2465
2466 /**
2467 * Returns the maximum upload size for a file that is allowed. Measured in KB.
2468 * This might be handy to find out the real upload limit that is possible for this
2469 * TYPO3 installation.
2470 *
2471 * @return int The maximum size of uploads that are allowed (measured in kilobytes)
2472 */
2473 public static function getMaxUploadFileSize()
2474 {
2475 // Check for PHP restrictions of the maximum size of one of the $_FILES
2476 $phpUploadLimit = self::getBytesFromSizeMeasurement(ini_get('upload_max_filesize'));
2477 // Check for PHP restrictions of the maximum $_POST size
2478 $phpPostLimit = self::getBytesFromSizeMeasurement(ini_get('post_max_size'));
2479 // If the total amount of post data is smaller (!) than the upload_max_filesize directive,
2480 // then this is the real limit in PHP
2481 $phpUploadLimit = $phpPostLimit > 0 && $phpPostLimit < $phpUploadLimit ? $phpPostLimit : $phpUploadLimit;
2482 return floor($phpUploadLimit) / 1024;
2483 }
2484
2485 /**
2486 * Gets the bytes value from a measurement string like "100k".
2487 *
2488 * @param string $measurement The measurement (e.g. "100k")
2489 * @return int The bytes value (e.g. 102400)
2490 */
2491 public static function getBytesFromSizeMeasurement($measurement)
2492 {
2493 $bytes = (float)$measurement;
2494 if (stripos($measurement, 'G')) {
2495 $bytes *= 1024 * 1024 * 1024;
2496 } elseif (stripos($measurement, 'M')) {
2497 $bytes *= 1024 * 1024;
2498 } elseif (stripos($measurement, 'K')) {
2499 $bytes *= 1024;
2500 }
2501 return $bytes;
2502 }
2503
2504 /**
2505 * Function for static version numbers on files, based on the filemtime
2506 *
2507 * This will make the filename automatically change when a file is
2508 * changed, and by that re-cached by the browser. If the file does not
2509 * exist physically the original file passed to the function is
2510 * returned without the timestamp.
2511 *
2512 * Behaviour is influenced by the setting
2513 * TYPO3_CONF_VARS[TYPO3_MODE][versionNumberInFilename]
2514 * = TRUE (BE) / "embed" (FE) : modify filename
2515 * = FALSE (BE) / "querystring" (FE) : add timestamp as parameter
2516 *
2517 * @param string $file Relative path to file including all potential query parameters (not htmlspecialchared yet)
2518 * @return string Relative path with version filename including the timestamp
2519 */
2520 public static function createVersionNumberedFilename($file)
2521 {
2522 $lookupFile = explode('?', $file);
2523 $path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $lookupFile[0]);
2524
2525 $doNothing = false;
2526 if (TYPO3_MODE === 'FE') {
2527 $mode = strtolower($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['versionNumberInFilename']);
2528 if ($mode === 'embed') {
2529 $mode = true;
2530 } else {
2531 if ($mode === 'querystring') {
2532 $mode = false;
2533 } else {
2534 $doNothing = true;
2535 }
2536 }
2537 } else {
2538 $mode = $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['versionNumberInFilename'];
2539 }
2540 if ($doNothing || !file_exists($path)) {
2541 // File not found, return filename unaltered
2542 $fullName = $file;
2543 } else {
2544 if (!$mode) {
2545 // If use of .htaccess rule is not configured,
2546 // we use the default query-string method
2547 if (!empty($lookupFile[1])) {
2548 $separator = '&';
2549 } else {
2550 $separator = '?';
2551 }
2552 $fullName = $file . $separator . filemtime($path);
2553 } else {
2554 // Change the filename
2555 $name = explode('.', $lookupFile[0]);
2556 $extension = array_pop($name);
2557 array_push($name, filemtime($path), $extension);
2558 $fullName = implode('.', $name);
2559 // Append potential query string
2560 $fullName .= $lookupFile[1] ? '?' . $lookupFile[1] : '';
2561 }
2562 }
2563 return $fullName;
2564 }
2565
2566 /**
2567 * Writes string to a temporary file named after the md5-hash of the string
2568 * Quite useful for extensions adding their custom built JavaScript during runtime.
2569 *
2570 * @param string $content JavaScript to write to file.
2571 * @return string filename to include in the <script> tag
2572 */
2573 public static function writeJavaScriptContentToTemporaryFile(string $content)
2574 {
2575 $script = 'typo3temp/assets/js/' . GeneralUtility::shortMD5($content) . '.js';
2576 if (!@is_file(Environment::getPublicPath() . '/' . $script)) {
2577 self::writeFileToTypo3tempDir(Environment::getPublicPath() . '/' . $script, $content);
2578 }
2579 return $script;
2580 }
2581
2582 /**
2583 * Writes string to a temporary file named after the md5-hash of the string
2584 * Quite useful for extensions adding their custom built StyleSheet during runtime.
2585 *
2586 * @param string $content CSS styles to write to file.
2587 * @return string filename to include in the <link> tag
2588 */
2589 public static function writeStyleSheetContentToTemporaryFile(string $content)
2590 {
2591 $script = 'typo3temp/assets/css/' . self::shortMD5($content) . '.css';
2592 if (!@is_file(Environment::getPublicPath() . '/' . $script)) {
2593 self::writeFileToTypo3tempDir(Environment::getPublicPath() . '/' . $script, $content);
2594 }
2595 return $script;
2596 }
2597
2598 /*************************
2599 *
2600 * SYSTEM INFORMATION
2601 *
2602 *************************/
2603
2604 /**
2605 * Returns the link-url to the current script.
2606 * In $getParams you can set associative keys corresponding to the GET-vars you wish to add to the URL. If you set them empty, they will remove existing GET-vars from the current URL.
2607 * REMEMBER to always use htmlspecialchars() for content in href-properties to get ampersands converted to entities (XHTML requirement and XSS precaution)
2608 *
2609 * @param array $getParams Array of GET parameters to include
2610 * @return string
2611 */
2612 public static function linkThisScript(array $getParams = [])
2613 {
2614 $parts = self::getIndpEnv('SCRIPT_NAME');
2615 $params = self::_GET();
2616 foreach ($getParams as $key => $value) {
2617 if ($value !== '') {
2618 $params[$key] = $value;
2619 } else {
2620 unset($params[$key]);
2621 }
2622 }
2623 $pString = self::implodeArrayForUrl('', $params);
2624 return $pString ? $parts . '?' . ltrim($pString, '&') : $parts;
2625 }
2626
2627 /**
2628 * Takes a full URL, $url, possibly with a querystring and overlays the $getParams arrays values onto the quirystring, packs it all together and returns the URL again.
2629 * So basically it adds the parameters in $getParams to an existing URL, $url
2630 *
2631 * @param string $url URL string
2632 * @param array $getParams Array of key/value pairs for get parameters to add/overrule with. Can be multidimensional.
2633 * @return string Output URL with added getParams.
2634 */
2635 public static function linkThisUrl($url, array $getParams = [])
2636 {
2637 $parts = parse_url($url);
2638 $getP = [];
2639 if ($parts['query']) {
2640 parse_str($parts['query'], $getP);
2641 }
2642 ArrayUtility::mergeRecursiveWithOverrule($getP, $getParams);
2643 $uP = explode('?', $url);
2644 $params = self::implodeArrayForUrl('', $getP);
2645 $outurl = $uP[0] . ($params ? '?' . substr($params, 1) : '');
2646 return $outurl;
2647 }
2648
2649 /**
2650 * This method is only for testing and should never be used outside tests-
2651 *
2652 * @param $envName
2653 * @param $value
2654 * @internal
2655 */
2656 public static function setIndpEnv($envName, $value)
2657 {
2658 self::$indpEnvCache[$envName] = $value;
2659 }
2660
2661 /**
2662 * Abstraction method which returns System Environment Variables regardless of server OS, CGI/MODULE version etc. Basically this is SERVER variables for most of them.
2663 * This should be used instead of getEnv() and $_SERVER/ENV_VARS to get reliable values for all situations.
2664 *
2665 * @param string $getEnvName Name of the "environment variable"/"server variable" you wish to use. Valid values are SCRIPT_NAME, SCRIPT_FILENAME, REQUEST_URI, PATH_INFO, REMOTE_ADDR, REMOTE_HOST, HTTP_REFERER, HTTP_HOST, HTTP_USER_AGENT, HTTP_ACCEPT_LANGUAGE, QUERY_STRING, TYPO3_DOCUMENT_ROOT, TYPO3_HOST_ONLY, TYPO3_HOST_ONLY, TYPO3_REQUEST_HOST, TYPO3_REQUEST_URL, TYPO3_REQUEST_SCRIPT, TYPO3_REQUEST_DIR, TYPO3_SITE_URL, _ARRAY
2666 * @return string Value based on the input key, independent of server/os environment.
2667 * @throws \UnexpectedValueException
2668 */
2669 public static function getIndpEnv($getEnvName)
2670 {
2671 if (array_key_exists($getEnvName, self::$indpEnvCache)) {
2672 return self::$indpEnvCache[$getEnvName];
2673 }
2674
2675 /*
2676 Conventions:
2677 output from parse_url():
2678 URL: http://username:password@192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value#link1
2679 [scheme] => 'http'
2680 [user] => 'username'
2681 [pass] => 'password'
2682 [host] => '192.168.1.4'
2683 [port] => '8080'
2684 [path] => '/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/'
2685 [query] => 'arg1,arg2,arg3&p1=parameter1&p2[key]=value'
2686 [fragment] => 'link1'Further definition: [path_script] = '/typo3/32/temp/phpcheck/index.php'
2687 [path_dir] = '/typo3/32/temp/phpcheck/'
2688 [path_info] = '/arg1/arg2/arg3/'
2689 [path] = [path_script/path_dir][path_info]Keys supported:URI______:
2690 REQUEST_URI = [path]?[query] = /typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value
2691 HTTP_HOST = [host][:[port]] = 192.168.1.4:8080
2692 SCRIPT_NAME = [path_script]++ = /typo3/32/temp/phpcheck/index.php // NOTICE THAT SCRIPT_NAME will return the php-script name ALSO. [path_script] may not do that (eg. '/somedir/' may result in SCRIPT_NAME '/somedir/index.php')!
2693 PATH_INFO = [path_info] = /arg1/arg2/arg3/
2694 QUERY_STRING = [query] = arg1,arg2,arg3&p1=parameter1&p2[key]=value
2695 HTTP_REFERER = [scheme]://[host][:[port]][path] = http://192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value
2696 (Notice: NO username/password + NO fragment)CLIENT____:
2697 REMOTE_ADDR = (client IP)
2698 REMOTE_HOST = (client host)
2699 HTTP_USER_AGENT = (client user agent)
2700 HTTP_ACCEPT_LANGUAGE = (client accept language)SERVER____:
2701 SCRIPT_FILENAME = Absolute filename of script (Differs between windows/unix). On windows 'C:\\blabla\\blabl\\' will be converted to 'C:/blabla/blabl/'Special extras:
2702 TYPO3_HOST_ONLY = [host] = 192.168.1.4
2703 TYPO3_PORT = [port] = 8080 (blank if 80, taken from host value)
2704 TYPO3_REQUEST_HOST = [scheme]://[host][:[port]]
2705 TYPO3_REQUEST_URL = [scheme]://[host][:[port]][path]?[query] (scheme will by default be "http" until we can detect something different)
2706 TYPO3_REQUEST_SCRIPT = [scheme]://[host][:[port]][path_script]
2707 TYPO3_REQUEST_DIR = [scheme]://[host][:[port]][path_dir]
2708 TYPO3_SITE_URL = [scheme]://[host][:[port]][path_dir] of the TYPO3 website frontend
2709 TYPO3_SITE_PATH = [path_dir] of the TYPO3 website frontend
2710 TYPO3_SITE_SCRIPT = [script / Speaking URL] of the TYPO3 website
2711 TYPO3_DOCUMENT_ROOT = Absolute path of root of documents: TYPO3_DOCUMENT_ROOT.SCRIPT_NAME = SCRIPT_FILENAME (typically)
2712 TYPO3_SSL = Returns TRUE if this session uses SSL/TLS (https)
2713 TYPO3_PROXY = Returns TRUE if this session runs over a well known proxyNotice: [fragment] is apparently NEVER available to the script!Testing suggestions:
2714 - Output all the values.
2715 - In the script, make a link to the script it self, maybe add some parameters and click the link a few times so HTTP_REFERER is seen
2716 - ALSO TRY the script from the ROOT of a site (like 'http://www.mytest.com/' and not 'http://www.mytest.com/test/' !!)
2717 */
2718 $retVal = '';
2719 switch ((string)$getEnvName) {
2720 case 'SCRIPT_NAME':
2721 $retVal = self::isRunningOnCgiServerApi()
2722 && (($_SERVER['ORIG_PATH_INFO'] ?? false) ?: ($_SERVER['PATH_INFO'] ?? false))
2723 ? (($_SERVER['ORIG_PATH_INFO'] ?? '') ?: ($_SERVER['PATH_INFO'] ?? ''))
2724 : (($_SERVER['ORIG_SCRIPT_NAME'] ?? '') ?: ($_SERVER['SCRIPT_NAME'] ?? ''));
2725 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
2726 if (self::cmpIP($_SERVER['REMOTE_ADDR'] ?? '', $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'] ?? '')) {
2727 if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
2728 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal;
2729 } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
2730 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal;
2731 }
2732 }
2733 break;
2734 case 'SCRIPT_FILENAME':
2735 $retVal = Environment::getCurrentScript();
2736 break;
2737 case 'REQUEST_URI':
2738 // Typical application of REQUEST_URI is return urls, forms submitting to itself etc. Example: returnUrl='.rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI'))
2739 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar'])) {
2740 // This is for URL rewriters that store the original URI in a server variable (eg ISAPI_Rewriter for IIS: HTTP_X_REWRITE_URL)
2741 list($v, $n) = explode('|', $GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar']);
2742 $retVal = $GLOBALS[$v][$n];
2743 } elseif (empty($_SERVER['REQUEST_URI'])) {
2744 // This is for ISS/CGI which does not have the REQUEST_URI available.
2745 $retVal = '/' . ltrim(self::getIndpEnv('SCRIPT_NAME'), '/') . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
2746 } else {
2747 $retVal = '/' . ltrim($_SERVER['REQUEST_URI'], '/');
2748 }
2749 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
2750 if (isset($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])
2751 && self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])
2752 ) {
2753 if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
2754 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal;
2755 } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
2756 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal;
2757 }
2758 }
2759 break;
2760 case 'PATH_INFO':
2761 // $_SERVER['PATH_INFO'] != $_SERVER['SCRIPT_NAME'] is necessary because some servers (Windows/CGI)
2762 // are seen to set PATH_INFO equal to script_name
2763 // Further, there must be at least one '/' in the path - else the PATH_INFO value does not make sense.
2764 // IF 'PATH_INFO' never works for our purpose in TYPO3 with CGI-servers,
2765 // then 'PHP_SAPI=='cgi'' might be a better check.
2766 // Right now strcmp($_SERVER['PATH_INFO'], GeneralUtility::getIndpEnv('SCRIPT_NAME')) will always
2767 // return FALSE for CGI-versions, but that is only as long as SCRIPT_NAME is set equal to PATH_INFO
2768 // because of PHP_SAPI=='cgi' (see above)
2769 if (!self::isRunningOnCgiServerApi()) {
2770 $retVal = $_SERVER['PATH_INFO'];
2771 }
2772 break;
2773 case 'TYPO3_REV_PROXY':
2774 $retVal = self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP']);
2775 break;
2776 case 'REMOTE_ADDR':
2777 $retVal = $_SERVER['REMOTE_ADDR'] ?? null;
2778 if (self::cmpIP($retVal, $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'] ?? '')) {
2779 $ip = self::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
2780 // Choose which IP in list to use
2781 if (!empty($ip)) {
2782 switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
2783 case 'last':
2784 $ip = array_pop($ip);
2785 break;
2786 case 'first':
2787 $ip = array_shift($ip);
2788 break;
2789 case 'none':
2790
2791 default:
2792 $ip = '';
2793 }
2794 }
2795 if (self::validIP($ip)) {
2796 $retVal = $ip;
2797 }
2798 }
2799 break;
2800 case 'HTTP_HOST':
2801 // if it is not set we're most likely on the cli
2802 $retVal = $_SERVER['HTTP_HOST'] ?? null;
2803 if (isset($_SERVER['REMOTE_ADDR']) && static::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
2804 $host = self::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
2805 // Choose which host in list to use
2806 if (!empty($host)) {
2807 switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
2808 case 'last':
2809 $host = array_pop($host);
2810 break;
2811 case 'first':
2812 $host = array_shift($host);
2813 break;
2814 case 'none':
2815
2816 default:
2817 $host = '';
2818 }
2819 }
2820 if ($host) {
2821 $retVal = $host;
2822 }
2823 }
2824 if (!static::isAllowedHostHeaderValue($retVal)) {
2825 throw new \UnexpectedValueException(
2826 'The current host header value does not match the configured trusted hosts pattern! Check the pattern defined in $GLOBALS[\'TYPO3_CONF_VARS\'][\'SYS\'][\'trustedHostsPattern\'] and adapt it, if you want to allow the current host header \'' . $retVal . '\' for your installation.',
2827 1396795884
2828 );
2829 }
2830 break;
2831 case 'HTTP_REFERER':
2832
2833 case 'HTTP_USER_AGENT':
2834
2835 case 'HTTP_ACCEPT_ENCODING':
2836
2837 case 'HTTP_ACCEPT_LANGUAGE':
2838
2839 case 'REMOTE_HOST':
2840
2841 case 'QUERY_STRING':
2842 $retVal = $_SERVER[$getEnvName] ?? '';
2843 break;
2844 case 'TYPO3_DOCUMENT_ROOT':
2845 // Get the web root (it is not the root of the TYPO3 installation)
2846 // The absolute path of the script can be calculated with TYPO3_DOCUMENT_ROOT + SCRIPT_FILENAME
2847 // Some CGI-versions (LA13CGI) and mod-rewrite rules on MODULE versions will deliver a 'wrong' DOCUMENT_ROOT (according to our description). Further various aliases/mod_rewrite rules can disturb this as well.
2848 // Therefore the DOCUMENT_ROOT is now always calculated as the SCRIPT_FILENAME minus the end part shared with SCRIPT_NAME.
2849 $SFN = self::getIndpEnv('SCRIPT_FILENAME');
2850 $SN_A = explode('/', strrev(self::getIndpEnv('SCRIPT_NAME')));
2851 $SFN_A = explode('/', strrev($SFN));
2852 $acc = [];
2853 foreach ($SN_A as $kk => $vv) {
2854 if ((string)$SFN_A[$kk] === (string)$vv) {
2855 $acc[] = $vv;
2856 } else {
2857 break;
2858 }
2859 }
2860 $commonEnd = strrev(implode('/', $acc));
2861 if ((string)$commonEnd !== '') {
2862 $retVal = substr($SFN, 0, -(strlen($commonEnd) + 1));
2863 }
2864 break;
2865 case 'TYPO3_HOST_ONLY':
2866 $httpHost = self::getIndpEnv('HTTP_HOST');
2867 $httpHostBracketPosition = strpos($httpHost, ']');
2868 $httpHostParts = explode(':', $httpHost);
2869 $retVal = $httpHostBracketPosition !== false ? substr($httpHost, 0, $httpHostBracketPosition + 1) : array_shift($httpHostParts);
2870 break;
2871 case 'TYPO3_PORT':
2872 $httpHost = self::getIndpEnv('HTTP_HOST');
2873 $httpHostOnly = self::getIndpEnv('TYPO3_HOST_ONLY');
2874 $retVal = strlen($httpHost) > strlen($httpHostOnly) ? substr($httpHost, strlen($httpHostOnly) + 1) : '';
2875 break;
2876 case 'TYPO3_REQUEST_HOST':
2877 $retVal = (self::getIndpEnv('TYPO3_SSL') ? 'https://' : 'http://') . self::getIndpEnv('HTTP_HOST');
2878 break;
2879 case 'TYPO3_REQUEST_URL':
2880 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::getIndpEnv('REQUEST_URI');
2881 break;
2882 case 'TYPO3_REQUEST_SCRIPT':
2883 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::getIndpEnv('SCRIPT_NAME');
2884 break;
2885 case 'TYPO3_REQUEST_DIR':
2886 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::dirname(self::getIndpEnv('SCRIPT_NAME')) . '/';
2887 break;
2888 case 'TYPO3_SITE_URL':
2889 $url = self::getIndpEnv('TYPO3_REQUEST_DIR');
2890 // This can only be set by external entry scripts
2891 if (defined('TYPO3_PATH_WEB')) {
2892 $retVal = $url;
2893 } elseif (Environment::getCurrentScript()) {
2894 $lPath = PathUtility::stripPathSitePrefix(PathUtility::dirnameDuringBootstrap(Environment::getCurrentScript())) . '/';
2895 $siteUrl = substr($url, 0, -strlen($lPath));
2896 if (substr($siteUrl, -1) !== '/') {
2897 $siteUrl .= '/';
2898 }
2899 $retVal = $siteUrl;
2900 }
2901 break;
2902 case 'TYPO3_SITE_PATH':
2903 $retVal = substr(self::getIndpEnv('TYPO3_SITE_URL'), strlen(self::getIndpEnv('TYPO3_REQUEST_HOST')));
2904 break;
2905 case 'TYPO3_SITE_SCRIPT':
2906 $retVal = substr(self::getIndpEnv('TYPO3_REQUEST_URL'), strlen(self::getIndpEnv('TYPO3_SITE_URL')));
2907 break;
2908 case 'TYPO3_SSL':
2909 $proxySSL = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL'] ?? null);
2910 if ($proxySSL === '*') {
2911 $proxySSL = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'];
2912 }
2913 if (self::cmpIP($_SERVER['REMOTE_ADDR'] ?? '', $proxySSL)) {
2914 $retVal = true;
2915 } else {
2916 // https://secure.php.net/manual/en/reserved.variables.server.php
2917 // "Set to a non-empty value if the script was queried through the HTTPS protocol."
2918 $retVal = !empty($_SERVER['SSL_SESSION_ID'])
2919 || (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off');
2920 }
2921 break;
2922 case '_ARRAY':
2923 $out = [];
2924 // Here, list ALL possible keys to this function for debug display.
2925 $envTestVars = [
2926 'HTTP_HOST',
2927 'TYPO3_HOST_ONLY',
2928 'TYPO3_PORT',
2929 'PATH_INFO',
2930 'QUERY_STRING',
2931 'REQUEST_URI',
2932 'HTTP_REFERER',
2933 'TYPO3_REQUEST_HOST',
2934 'TYPO3_REQUEST_URL',
2935 'TYPO3_REQUEST_SCRIPT',
2936 'TYPO3_REQUEST_DIR',
2937 'TYPO3_SITE_URL',
2938 'TYPO3_SITE_SCRIPT',
2939 'TYPO3_SSL',
2940 'TYPO3_REV_PROXY',
2941 'SCRIPT_NAME',
2942 'TYPO3_DOCUMENT_ROOT',
2943 'SCRIPT_FILENAME',
2944 'REMOTE_ADDR',
2945 'REMOTE_HOST',
2946 'HTTP_USER_AGENT',
2947 'HTTP_ACCEPT_LANGUAGE'
2948 ];
2949 foreach ($envTestVars as $v) {
2950 $out[$v] = self::getIndpEnv($v);
2951 }
2952 reset($out);
2953 $retVal = $out;
2954 break;
2955 }
2956 self::$indpEnvCache[$getEnvName] = $retVal;
2957 return $retVal;
2958 }
2959
2960 /**
2961 * Checks if the provided host header value matches the trusted hosts pattern.
2962 * If the pattern is not defined (which only can happen early in the bootstrap), deny any value.
2963 * The result is saved, so the check needs to be executed only once.
2964 *
2965 * @param string $hostHeaderValue HTTP_HOST header value as sent during the request (may include port)
2966 * @return bool
2967 */
2968 public static function isAllowedHostHeaderValue($hostHeaderValue)
2969 {
2970 if (static::$allowHostHeaderValue === true) {
2971 return true;
2972 }
2973
2974 if (static::isInternalRequestType()) {
2975 return static::$allowHostHeaderValue = true;
2976 }
2977
2978 // Deny the value if trusted host patterns is empty, which means we are early in the bootstrap
2979 if (empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'])) {
2980 return false;
2981 }
2982
2983 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === self::ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL) {
2984 static::$allowHostHeaderValue = true;
2985 } else {
2986 static::$allowHostHeaderValue = static::hostHeaderValueMatchesTrustedHostsPattern($hostHeaderValue);
2987 }
2988
2989 return static::$allowHostHeaderValue;
2990 }
2991
2992 /**
2993 * Checks if the provided host header value matches the trusted hosts pattern without any preprocessing.
2994 *
2995 * @param string $hostHeaderValue
2996 * @return bool
2997 * @internal
2998 */
2999 public static function hostHeaderValueMatchesTrustedHostsPattern($hostHeaderValue)
3000 {
3001 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === self::ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME) {
3002 // Allow values that equal the server name