Follow-up to bug #10452: Fixed flaws in PATH_INFO check for simulateStaticDocuments
[Packages/TYPO3.CMS.git] / typo3 / sysext / simulatestatic / class.tx_simulatestatic.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2008 Kasper Skaarhoj <kasperYYYY@typo3.com>
6 * (c) 2008 Benjamin Mack <benni . typo3 . o)rg>
7 * All rights reserved
8 *
9 * This script is part of the TYPO3 project. The TYPO3 project is
10 * free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * The GNU General Public License can be found at
16 * http://www.gnu.org/copyleft/gpl.html.
17 * A copy is found in the textfile GPL.txt and important notices to the license
18 * from the author is found in LICENSE.txt distributed with these scripts.
19 *
20 *
21 * This script is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
25 *
26 * This copyright notice MUST APPEAR in all copies of the script!
27 ***************************************************************/
28 /**
29 * Class that does the simulatestatic feature (Speaking URLs)
30 * Was extracted for TYPO3 4.3 from the core
31 *
32 * $Id$
33 *
34 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
35 * @author Benjamin Mack <benni . typo3 . o)rg>
36 */
37 class tx_simulatestatic {
38 public $enabled = false;
39 public $replacementChar = '';
40 public $conf = array();
41 public $pEncodingAllowedParamNames = array();
42
43 /**
44 * Initializes the extension, sets some configuration options and does some basic checks
45 *
46 * @param array holds all the information about the link that is about to be created
47 * @param tslib_fe is a reference to the parent object that calls the hook
48 * @return void
49 */
50 public function hookInitConfig(array &$parameters, tslib_fe &$parentObject) {
51 $TSconf = &$parameters['config'];
52
53 // if .simulateStaticDocuments was not present, the installation-wide default value will be used
54 if (!isset($TSconf['simulateStaticDocuments'])) {
55 $TSconf['simulateStaticDocuments'] = trim($parentObject->TYPO3_CONF_VARS['FE']['simulateStaticDocuments']);
56 }
57
58 // simulateStatic was not activated
59 if (!$TSconf['simulateStaticDocuments']) {
60 return;
61 }
62
63 $this->enabled = true;
64
65 // setting configuration options
66 $this->conf = array(
67 'mode' => $TSconf['simulateStaticDocuments'],
68 'dontRedirectPathInfoError' => ($TSconf['simulateStaticDocuments_dontRedirectPathInfoError'] ? $TSconf['simulateStaticDocuments_dontRedirectPathInfoError'] : $TSconf['simulateStaticDocuments.']['dontRedirectPathInfoError']),
69 'pEncoding' => ($TSconf['simulateStaticDocuments_pEnc'] ? $TSconf['simulateStaticDocuments_pEnc'] : $TSconf['simulateStaticDocuments.']['pEncoding']),
70 'pEncodingOnlyP' => ($TSconf['simulateStaticDocuments_pEnc_onlyP'] ? $TSconf['simulateStaticDocuments_pEnc_onlyP'] : $TSconf['simulateStaticDocuments.']['pEncoding_onlyP']),
71 'addTitle' => ($TSconf['simulateStaticDocuments_addTitle'] ? $TSconf['simulateStaticDocuments_addTitle'] : $TSconf['simulateStaticDocuments.']['addTitle']),
72 'noTypeIfNoTitle' => ($TSconf['simulateStaticDocuments_noTypeIfNoTitle'] ? $TSconf['simulateStaticDocuments_noTypeIfNoTitle'] : $TSconf['simulateStaticDocuments.']['noTypeIfNoTitle']),
73 'replacementChar' => (t3lib_div::compat_version('4.0') ? '-' : '_')
74 );
75
76 if ($this->conf['pEncodingOnlyP']) {
77 $tempParts = t3lib_div::trimExplode(',', $this->conf['pEncodingOnlyP'], 1);
78 foreach ($tempParts as $tempPart) {
79 $this->pEncodingAllowedParamNames[$tempPart] = 1;
80 }
81 }
82
83
84 // Checks and sets replacement character for simulateStaticDocuments.
85 $replacement = trim($TSconf['simulateStaticDocuments_replacementChar'] ? $TSconf['simulateStaticDocuments_replacementChar'] : $TSconf['simulateStaticDocuments.']['replacementChar']);
86 if ($replacement && (urlencode($replacement) == $replacement)) {
87 $this->conf['replacementChar'] = $replacement;
88 }
89
90 // Force absRefPrefix to this value is PATH_INFO is used.
91 $absRefPrefix = $TSconf['absRefPrefix'];
92 $absRefPrefix = trim($absRefPrefix);
93 if ((!strcmp($this->conf['mode'], 'PATH_INFO') || $parentObject->absRefPrefix_force) && !$absRefPrefix) {
94 $absRefPrefix = t3lib_div::dirname(t3lib_div::getIndpEnv('SCRIPT_NAME')) . '/';
95 }
96 $parentObject->absRefPrefix = $absRefPrefix;
97 $parentObject->config['config']['absRefPrefix'] = $absRefPrefix;
98
99
100 // Check PATH_INFO url
101 if ($parentObject->absRefPrefix_force && strcmp($this->conf['mode'], 'PATH_INFO')) {
102 $redirectUrl = t3lib_div::getIndpEnv('TYPO3_REQUEST_DIR') . 'index.php?id=' . $parentObject->id . '&type='.$parentObject->type;
103 if ($this->conf['dontRedirectPathInfoError']) {
104 if ($parentObject->checkPageUnavailableHandler()) {
105 $parentObject->pageUnavailableAndExit('PATH_INFO was not configured for this website, and the URL tries to find the page by PATH_INFO!');
106 } else {
107 $message = 'PATH_INFO was not configured for this website, and the URL tries to find the page by PATH_INFO!';
108 header(t3lib_div::HTTP_STATUS_503);
109 t3lib_div::sysLog($message, 'cms', t3lib_div::SYSLOG_SEVERITY_ERROR);
110 $parentObject->printError($message.'<br /><br /><a href="' . htmlspecialchars($redirectUrl) . '">Click here to get to the right page.</a>','Error: PATH_INFO not configured');
111 }
112 } else {
113 t3lib_div::redirect(t3lib_div::locationHeaderUrl($redirectUrl));
114 }
115 exit;
116 // Set no_cache if PATH_INFO is NOT used as simulateStaticDoc.
117 // and if absRefPrefix_force shows that such an URL has been passed along.
118 // $this->set_no_cache();
119 }
120 }
121
122
123 /**
124 * Hook for creating a speaking URL when using the generic linkData function
125 *
126 * @param array holds all the information about the link that is about to be created
127 * @param t3lib_TStemplate is a reference to the parent object that calls the hook
128 * @return void
129 */
130 public function hookLinkDataPostProc(array &$parameters, t3lib_TStemplate &$parentObject) {
131 if (!$this->enabled) {
132 return;
133 }
134
135 $LD = &$parameters['LD'];
136 $page = &$parameters['args']['page'];
137 $LD['type'] = '';
138
139 // MD5/base64 method limitation
140 $remainLinkVars = '';
141 $flag_pEncoding = (t3lib_div::inList('md5,base64', $this->conf['pEncoding']) && !$LD['no_cache']);
142 if ($flag_pEncoding) {
143 list($LD['linkVars'], $remainLinkVars) = $this->processEncodedQueryString($LD['linkVars']);
144 }
145
146 $url = $this->makeSimulatedFileName(
147 $page['title'],
148 ($page['alias'] ? $page['alias'] : $page['uid']),
149 intval($parameters['typeNum']),
150 $LD['linkVars'],
151 ($LD['no_cache'] ? true : false)
152 );
153 if ($this->conf['mode'] == 'PATH_INFO') {
154 $url = 'index.php/' . str_replace('.', '/', $url) . '/';
155 } else {
156 $url .= '.html';
157 }
158 $LD['url'] = $GLOBALS['TSFE']->absRefPrefix . $url . '?';
159
160 if ($flag_pEncoding) {
161 $LD['linkVars'] = $remainLinkVars;
162 }
163
164 // If the special key 'sectionIndex_uid' (added 'manually' in tslib/menu.php to the page-record) is set,
165 // then the link jumps directly to a section on the page.
166 $LD['sectionIndex'] = ($page['sectionIndex_uid'] ? '#c'.$page['sectionIndex_uid'] : '');
167
168 // Compile the normal total url
169 $LD['totalURL'] = $parentObject->removeQueryString($LD['url'] . $LD['type'] . $LD['no_cache'] . $LD['linkVars'] . $GLOBALS['TSFE']->getMethodUrlIdToken) . $LD['sectionIndex'];
170 }
171
172
173 /**
174 * Hook for checking to see if the URL is a speaking URL
175 *
176 * Here a .htaccess file maps all .html-files to index.php and
177 * then we extract the id and type from the name of that HTML-file. (AKA "simulateStaticDocuments")
178 * Support for RewriteRule to generate (simulateStaticDocuments)
179 * With the mod_rewrite compiled into apache, put these lines into a .htaccess in this directory:
180 * RewriteEngine On
181 * RewriteRule ^[^/]*\.html$ index.php
182 * The url must end with '.html' and the format must comply with either of these:
183 * 1: '[title].[id].[type].html' - title is just for easy recognition in the
184 * logfile!; no practical use of the title for TYPO3.
185 * 2: '[id].[type].html' - above, but title is omitted; no practical use of
186 * the title for TYPO3.
187 * 3: '[id].html' - only id, type is set to the default, zero!
188 * NOTE: In all case 'id' may be the uid-number OR the page alias (if any)
189 *
190 * @param array includes a reference to the parent Object (which is the global TSFE)
191 * @param tslib_fe is a reference to the global TSFE
192 * @return void
193 */
194 public function hookCheckAlternativeIDMethods(array &$parameters, tslib_fe &$parentObject) {
195 // If there has been a redirect (basically; we arrived here otherwise
196 // than via "index.php" in the URL)
197 // this can happend either due to a CGI-script or because of reWrite rule.
198 // Earlier we used $_SERVER['REDIRECT_URL'] to check
199 if ($parentObject->siteScript && substr($parentObject->siteScript, 0, 9) != 'index.php') {
200 $uParts = parse_url($parentObject->siteScript);
201 $fI = t3lib_div::split_fileref($uParts['path']);
202
203 if (!$fI['path'] && $fI['file'] && substr($fI['file'], -5) == '.html') {
204 $parts = explode('.', $fI['file']);
205 $pCount = count($parts);
206 if ($pCount > 2) {
207 $parentObject->type = intval($parts[$pCount-2]);
208 $parentObject->id = $parts[$pCount-3];
209 } else {
210 $parentObject->type = 0;
211 $parentObject->id = $parts[0];
212 }
213 }
214 }
215
216 // If PATH_INFO is defined as simulateStaticDocuments mode and has information:
217 if (t3lib_div::getIndpEnv('PATH_INFO') && strpos(t3lib_div::getIndpEnv('TYPO3_SITE_SCRIPT'), 'index.php/') === 0) {
218 $parts = t3lib_div::trimExplode('/', t3lib_div::getIndpEnv('PATH_INFO'), true);
219 $pCount = count($parts);
220 if ($pCount > 1) {
221 $parentObject->type = intval($parts[$pCount-1]);
222 $parentObject->id = $parts[$pCount-2];
223 } else {
224 $parentObject->type = 0;
225 $parentObject->id = $parts[0];
226 }
227 $parentObject->absRefPrefix_force = 1;
228 }
229 }
230
231
232 /**
233 * Analyzes the second part of a id-string (after the "+"), looking for B6 or M5 encoding
234 * and if found it will resolve it and restore the variables in global $_GET.
235 * If values for ->cHash, ->no_cache, ->jumpurl and ->MP is found,
236 * they are also loaded into the internal vars of this class.
237 * => Not yet used, could be ported from tslib_fe as well
238 *
239 * @param string String to analyze
240 * @return void
241 */
242 protected function idPartsAnalyze($string) {
243 $getVars = '';
244 switch (substr($string, 0, 2)) {
245 case 'B6':
246 $addParams = base64_decode(str_replace('_', '=', str_replace('-', '/', substr($string, 2))));
247 parse_str($addParams, $getVars);
248 break;
249 case 'M5':
250 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('params', 'cache_md5params', 'md5hash=' . $GLOBALS['TYPO3_DB']->fullQuoteStr(substr($string, 2), 'cache_md5params'));
251 $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
252
253 $GLOBALS['TSFE']->updateMD5paramsRecord(substr($string, 2));
254 parse_str($row['params'], $getVars);
255 break;
256 }
257 $GLOBALS['TSFE']->mergingWithGetVars($getVars);
258 }
259
260
261
262
263 /********************************************
264 *
265 * Various internal API functions
266 *
267 *******************************************/
268
269 /**
270 * This is just a wrapper function to use the params from the array split up. Can be deleted once the function in class.t3lib_fe.php is deleted
271 *
272 * @param array Parameter array delivered from tslib_fe::makeSimulFileName
273 * @param tslib_fe Reference to the calling TSFE instance
274 * @return string The body of the filename.
275 * @see makeSimulatedFileName()
276 * @deprecated since TYPO3 4.3, will be deleted in TYPO3 4.5
277 */
278 public function makeSimulatedFileNameCompat(array &$parameters, tslib_fe &$parentObject) {
279 return $this->makeSimulatedFileName(
280 $parameters['inTitle'],
281 $parameters['page'],
282 $parameters['type'],
283 $parameters['addParams'],
284 $parameters['no_cache']
285 );
286 }
287
288
289 /**
290 * Make simulation filename (without the ".html" ending, only body of filename)
291 *
292 * @param string The page title to use
293 * @param mixed The page id (integer) or alias (string)
294 * @param integer The type number
295 * @param string Query-parameters to encode (will be done only if caching is enabled and TypoScript configured for it. I don't know it this makes much sense in fact...)
296 * @param boolean The "no_cache" status of the link.
297 * @return string The body of the filename.
298 * @see getSimulFileName(), t3lib_tstemplate::linkData(), tslib_frameset::frameParams()
299 */
300 public function makeSimulatedFileName($inTitle, $page, $type, $addParams = '', $no_cache = false) {
301 // Default value is 30 but values > 1 will be override this
302 $titleChars = intval($this->conf['addTitle']);
303 if ($titleChars == 1) {
304 $titleChars = 30;
305 }
306
307 $out = ($titleChars ? $this->fileNameASCIIPrefix($inTitle, $titleChars) : '');
308 $enc = '';
309
310 if (strcmp($addParams, '') && !$no_cache) {
311 switch ((string)$this->conf['pEncoding']) {
312 case 'md5':
313 $md5 = substr(md5($addParams), 0, 10);
314 $enc = '+M5'.$md5;
315
316 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
317 'md5hash',
318 'cache_md5params',
319 'md5hash=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($md5, 'cache_md5params')
320 );
321 if (!$GLOBALS['TYPO3_DB']->sql_num_rows($res)) {
322 $insertFields = array(
323 'md5hash' => $md5,
324 'tstamp' => time(),
325 'type' => 1,
326 'params' => $addParams
327 );
328
329 $GLOBALS['TYPO3_DB']->exec_INSERTquery('cache_md5params', $insertFields);
330 }
331 $GLOBALS['TYPO3_DB']->sql_free_result($res);
332 break;
333 case 'base64':
334 $enc = '+B6' . str_replace('=', '_', str_replace('/', '-', base64_encode($addParams)));
335 break;
336 }
337 }
338 // Setting page and type number:
339 return $out . $page . $enc . (($type || $out || !$this->conf['noTypeIfNoTitle']) ? '.' . $type : '');
340 }
341
342
343 /**
344 * Returns the simulated static file name (*.html) for the current page (using the page record in $this->page)
345 *
346 * @return string The filename (without path)
347 * @see makeSimulatedFileName(), publish.php
348 */
349 public function getSimulatedFileName() {
350 return $this->makeSimulatedFileName(
351 $GLOBALS['TSFE']->page['title'],
352 ($GLOBALS['TSFE']->page['alias'] ? $GLOBALS['TSFE']->page['alias'] : $GLOBALS['TSFE']->id),
353 $GLOBALS['TSFE']->type
354 ) . '.html';
355 }
356
357
358 /**
359 * Processes a query-string with GET-parameters and returns two strings, one with the parameters that CAN be encoded and one array with those which can't be encoded (encoded by the M5 or B6 methods)
360 *
361 * @param string Query string to analyse
362 * @return array Two num keys returned, first is the parameters that MAY be encoded, second is the non-encodable parameters.
363 * @see makeSimulatedFileName(), t3lib_tstemplate::linkData()
364 */
365 public function processEncodedQueryString($linkVars) {
366 $remainingLinkVars = '';
367 if (strcmp($linkVars, '')) {
368 $parts = t3lib_div::trimExplode('&', $linkVars);
369 // This sorts the parameters - and may not be needed and further
370 // it will generate new MD5 hashes in many cases. Maybe not so smart. Hmm?
371 sort($parts);
372 $remainingParts = array();
373 foreach ($parts as $index => $value) {
374 if (strlen($value)) {
375 list($parameterName) = explode('=', $value, 2);
376 $parameterName = rawurldecode($parameterName);
377 if (!$this->pEncodingAllowedParamNames[$parameterName]) {
378 unset($parts[$index]);
379 $remainingParts[] = $value;
380 }
381 } else {
382 unset($parts[$index]);
383 }
384 }
385 $linkVars = (count($parts) ? '&' . implode('&', $parts) : '');
386 $remainingLinkVars = (count($remainingParts) ? '&' . implode('&', $remainingParts) : '');
387 }
388 return array($linkVars, $remainingLinkVars);
389 }
390
391
392 /**
393 * Converts input string to an ASCII based file name prefix
394 *
395 * @param string String to base output on
396 * @param integer Number of characters in the string
397 * @param string Character to put in the end of string to merge it with the next value.
398 * @return string Converted string
399 */
400 public function fileNameASCIIPrefix($inTitle, $maxTitleChars, $mergeChar = '.') {
401 $out = $GLOBALS['TSFE']->csConvObj->specCharsToASCII($GLOBALS['TSFE']->renderCharset, $inTitle);
402
403 // Get replacement character
404 $replacementChar = $this->conf['replacementChar'];
405 $replacementChars = '_\-' . ($replacementChar != '_' && $replacementChar != '-' ? $replacementChar : '');
406 $out = preg_replace('/[^A-Za-z0-9_-]/', $replacementChar, trim(substr($out, 0, $maxTitleChars)));
407 $out = preg_replace('/([' . $replacementChars . ']){2,}/', '\1', $out);
408 $out = preg_replace('/[' . $replacementChars . ']?$/', '', $out);
409 $out = preg_replace('/^[' . $replacementChars . ']?/', '', $out);
410
411 return (strlen($out) ? $out . $mergeChar : '');
412 }
413 }
414
415 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/simulatestatic/class.tx_simulatestatic.php']) {
416 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/simulatestatic/class.tx_simulatestatic.php']);
417 }
418 ?>