[TASK] Make GeneralUtility tests notice free
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Utility / GeneralUtility.php
1 <?php
2 namespace TYPO3\CMS\Core\Utility;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use GuzzleHttp\Exception\RequestException;
18 use Psr\Log\LoggerAwareInterface;
19 use Psr\Log\LoggerInterface;
20 use TYPO3\CMS\Core\Cache\CacheManager;
21 use TYPO3\CMS\Core\Core\ApplicationContext;
22 use TYPO3\CMS\Core\Core\ClassLoadingInformation;
23 use TYPO3\CMS\Core\Core\Environment;
24 use TYPO3\CMS\Core\Http\RequestFactory;
25 use TYPO3\CMS\Core\Log\LogLevel;
26 use TYPO3\CMS\Core\Log\LogManager;
27 use TYPO3\CMS\Core\Service\OpcodeCacheService;
28 use TYPO3\CMS\Core\SingletonInterface;
29 use TYPO3Fluid\Fluid\Core\Rendering\RenderingContextInterface;
30
31 /**
32 * The legendary "t3lib_div" class - Miscellaneous functions for general purpose.
33 * Most of the functions do not relate specifically to TYPO3
34 * However a section of functions requires certain TYPO3 features available
35 * See comments in the source.
36 * You are encouraged to use this library in your own scripts!
37 *
38 * USE:
39 * The class is intended to be used without creating an instance of it.
40 * So: Don't instantiate - call functions with "\TYPO3\CMS\Core\Utility\GeneralUtility::" prefixed the function name.
41 * So use \TYPO3\CMS\Core\Utility\GeneralUtility::[method-name] to refer to the functions, eg. '\TYPO3\CMS\Core\Utility\GeneralUtility::milliseconds()'
42 */
43 class GeneralUtility
44 {
45 // Severity constants used by \TYPO3\CMS\Core\Utility\GeneralUtility::devLog()
46 // @deprecated since TYPO3 CMS 9, will be removed in TYPO3 CMS 10.
47 const SYSLOG_SEVERITY_INFO = 0;
48 const SYSLOG_SEVERITY_NOTICE = 1;
49 const SYSLOG_SEVERITY_WARNING = 2;
50 const SYSLOG_SEVERITY_ERROR = 3;
51 const SYSLOG_SEVERITY_FATAL = 4;
52
53 const ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL = '.*';
54 const ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME = 'SERVER_NAME';
55
56 /**
57 * State of host header value security check
58 * in order to avoid unnecessary multiple checks during one request
59 *
60 * @var bool
61 */
62 protected static $allowHostHeaderValue = false;
63
64 /**
65 * Singleton instances returned by makeInstance, using the class names as
66 * array keys
67 *
68 * @var array<\TYPO3\CMS\Core\SingletonInterface>
69 */
70 protected static $singletonInstances = [];
71
72 /**
73 * Instances returned by makeInstance, using the class names as array keys
74 *
75 * @var array<array><object>
76 */
77 protected static $nonSingletonInstances = [];
78
79 /**
80 * Cache for makeInstance with given class name and final class names to reduce number of self::getClassName() calls
81 *
82 * @var array Given class name => final class name
83 */
84 protected static $finalClassNameCache = [];
85
86 /**
87 * The application context
88 *
89 * @var \TYPO3\CMS\Core\Core\ApplicationContext
90 */
91 protected static $applicationContext;
92
93 /**
94 * IDNA string cache
95 *
96 * @var array<string>
97 */
98 protected static $idnaStringCache = [];
99
100 /**
101 * IDNA converter
102 *
103 * @var \Mso\IdnaConvert\IdnaConvert
104 */
105 protected static $idnaConverter;
106
107 /**
108 * A list of supported CGI server APIs
109 * NOTICE: This is a duplicate of the SAME array in SystemEnvironmentBuilder
110 * @var array
111 */
112 protected static $supportedCgiServerApis = [
113 'fpm-fcgi',
114 'cgi',
115 'isapi',
116 'cgi-fcgi',
117 'srv', // HHVM with fastcgi
118 ];
119
120 /**
121 * @var array
122 */
123 protected static $indpEnvCache = [];
124
125 /*************************
126 *
127 * GET/POST Variables
128 *
129 * Background:
130 * Input GET/POST variables in PHP may have their quotes escaped with "\" or not depending on configuration.
131 * TYPO3 has always converted quotes to BE escaped if the configuration told that they would not be so.
132 * But the clean solution is that quotes are never escaped and that is what the functions below offers.
133 * Eventually TYPO3 should provide this in the global space as well.
134 * In the transitional phase (or forever..?) we need to encourage EVERY to read and write GET/POST vars through the API functions below.
135 * This functionality was previously needed to normalize between magic quotes logic, which was removed from PHP 5.4,
136 * so these methods are still in use, but not tackle the slash problem anymore.
137 *
138 *************************/
139 /**
140 * Returns the 'GLOBAL' value of incoming data from POST or GET, with priority to POST (that is equalent to 'GP' order)
141 * To enhance security in your scripts, please consider using GeneralUtility::_GET or GeneralUtility::_POST if you already
142 * know by which method your data is arriving to the scripts!
143 *
144 * @param string $var GET/POST var to return
145 * @return mixed POST var named $var and if not set, the GET var of the same name.
146 */
147 public static function _GP($var)
148 {
149 if (empty($var)) {
150 return;
151 }
152 if (isset($_POST[$var])) {
153 $value = $_POST[$var];
154 } elseif (isset($_GET[$var])) {
155 $value = $_GET[$var];
156 } else {
157 $value = null;
158 }
159 // This is there for backwards-compatibility, in order to avoid NULL
160 if (isset($value) && !is_array($value)) {
161 $value = (string)$value;
162 }
163 return $value;
164 }
165
166 /**
167 * Returns the global arrays $_GET and $_POST merged with $_POST taking precedence.
168 *
169 * @param string $parameter Key (variable name) from GET or POST vars
170 * @return array Returns the GET vars merged recursively onto the POST vars.
171 */
172 public static function _GPmerged($parameter)
173 {
174 $postParameter = isset($_POST[$parameter]) && is_array($_POST[$parameter]) ? $_POST[$parameter] : [];
175 $getParameter = isset($_GET[$parameter]) && is_array($_GET[$parameter]) ? $_GET[$parameter] : [];
176 $mergedParameters = $getParameter;
177 ArrayUtility::mergeRecursiveWithOverrule($mergedParameters, $postParameter);
178 return $mergedParameters;
179 }
180
181 /**
182 * Returns the global $_GET array (or value from) normalized to contain un-escaped values.
183 * ALWAYS use this API function to acquire the GET variables!
184 * This function was previously used to normalize between magic quotes logic, which was removed from PHP 5.5
185 *
186 * @param string $var Optional pointer to value in GET array (basically name of GET var)
187 * @return mixed If $var is set it returns the value of $_GET[$var]. If $var is NULL (default), returns $_GET itself. In any case *slashes are stipped from the output!*
188 * @see _POST(), _GP(), _GETset()
189 */
190 public static function _GET($var = null)
191 {
192 $value = $var === null
193 ? $_GET
194 : (empty($var) ? null : ($_GET[$var] ?? null));
195 // This is there for backwards-compatibility, in order to avoid NULL
196 if (isset($value) && !is_array($value)) {
197 $value = (string)$value;
198 }
199 return $value;
200 }
201
202 /**
203 * Returns the global $_POST array (or value from) normalized to contain un-escaped values.
204 * ALWAYS use this API function to acquire the $_POST variables!
205 *
206 * @param string $var Optional pointer to value in POST array (basically name of POST var)
207 * @return mixed If $var is set it returns the value of $_POST[$var]. If $var is NULL (default), returns $_POST itself. In any case *slashes are stipped from the output!*
208 * @see _GET(), _GP()
209 */
210 public static function _POST($var = null)
211 {
212 $value = $var === null ? $_POST : (empty($var) || !isset($_POST[$var]) ? null : $_POST[$var]);
213 // This is there for backwards-compatibility, in order to avoid NULL
214 if (isset($value) && !is_array($value)) {
215 $value = (string)$value;
216 }
217 return $value;
218 }
219
220 /**
221 * Writes input value to $_GET.
222 *
223 * @param mixed $inputGet
224 * @param string $key
225 */
226 public static function _GETset($inputGet, $key = '')
227 {
228 if ($key != '') {
229 if (strpos($key, '|') !== false) {
230 $pieces = explode('|', $key);
231 $newGet = [];
232 $pointer = &$newGet;
233 foreach ($pieces as $piece) {
234 $pointer = &$pointer[$piece];
235 }
236 $pointer = $inputGet;
237 $mergedGet = $_GET;
238 ArrayUtility::mergeRecursiveWithOverrule($mergedGet, $newGet);
239 $_GET = $mergedGet;
240 $GLOBALS['HTTP_GET_VARS'] = $mergedGet;
241 } else {
242 $_GET[$key] = $inputGet;
243 $GLOBALS['HTTP_GET_VARS'][$key] = $inputGet;
244 }
245 } elseif (is_array($inputGet)) {
246 $_GET = $inputGet;
247 $GLOBALS['HTTP_GET_VARS'] = $inputGet;
248 }
249 }
250
251 /*************************
252 *
253 * STRING FUNCTIONS
254 *
255 *************************/
256 /**
257 * Truncates a string with appended/prepended "..." and takes current character set into consideration.
258 *
259 * @param string $string String to truncate
260 * @param int $chars Must be an integer with an absolute value of at least 4. if negative the string is cropped from the right end.
261 * @param string $appendString Appendix to the truncated string
262 * @return string Cropped string
263 */
264 public static function fixed_lgd_cs($string, $chars, $appendString = '...')
265 {
266 if ((int)$chars === 0 || mb_strlen($string, 'utf-8') <= abs($chars)) {
267 return $string;
268 }
269 if ($chars > 0) {
270 $string = mb_substr($string, 0, $chars, 'utf-8') . $appendString;
271 } else {
272 $string = $appendString . mb_substr($string, $chars, mb_strlen($string, 'utf-8'), 'utf-8');
273 }
274 return $string;
275 }
276
277 /**
278 * Match IP number with list of numbers with wildcard
279 * Dispatcher method for switching into specialised IPv4 and IPv6 methods.
280 *
281 * @param string $baseIP Is the current remote IP address for instance, typ. REMOTE_ADDR
282 * @param string $list Is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168). If list is "*" no check is done and the function returns TRUE immediately. An empty list always returns FALSE.
283 * @return bool TRUE if an IP-mask from $list matches $baseIP
284 */
285 public static function cmpIP($baseIP, $list)
286 {
287 $list = trim($list);
288 if ($list === '') {
289 return false;
290 }
291 if ($list === '*') {
292 return true;
293 }
294 if (strpos($baseIP, ':') !== false && self::validIPv6($baseIP)) {
295 return self::cmpIPv6($baseIP, $list);
296 }
297 return self::cmpIPv4($baseIP, $list);
298 }
299
300 /**
301 * Match IPv4 number with list of numbers with wildcard
302 *
303 * @param string $baseIP Is the current remote IP address for instance, typ. REMOTE_ADDR
304 * @param string $list Is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168), could also contain IPv6 addresses
305 * @return bool TRUE if an IP-mask from $list matches $baseIP
306 */
307 public static function cmpIPv4($baseIP, $list)
308 {
309 $IPpartsReq = explode('.', $baseIP);
310 if (count($IPpartsReq) === 4) {
311 $values = self::trimExplode(',', $list, true);
312 foreach ($values as $test) {
313 $testList = explode('/', $test);
314 if (count($testList) === 2) {
315 list($test, $mask) = $testList;
316 } else {
317 $mask = false;
318 }
319 if ((int)$mask) {
320 // "192.168.3.0/24"
321 $lnet = ip2long($test);
322 $lip = ip2long($baseIP);
323 $binnet = str_pad(decbin($lnet), 32, '0', STR_PAD_LEFT);
324 $firstpart = substr($binnet, 0, $mask);
325 $binip = str_pad(decbin($lip), 32, '0', STR_PAD_LEFT);
326 $firstip = substr($binip, 0, $mask);
327 $yes = $firstpart === $firstip;
328 } else {
329 // "192.168.*.*"
330 $IPparts = explode('.', $test);
331 $yes = 1;
332 foreach ($IPparts as $index => $val) {
333 $val = trim($val);
334 if ($val !== '*' && $IPpartsReq[$index] !== $val) {
335 $yes = 0;
336 }
337 }
338 }
339 if ($yes) {
340 return true;
341 }
342 }
343 }
344 return false;
345 }
346
347 /**
348 * Match IPv6 address with a list of IPv6 prefixes
349 *
350 * @param string $baseIP Is the current remote IP address for instance
351 * @param string $list Is a comma-list of IPv6 prefixes, could also contain IPv4 addresses
352 * @return bool TRUE If an baseIP matches any prefix
353 */
354 public static function cmpIPv6($baseIP, $list)
355 {
356 // Policy default: Deny connection
357 $success = false;
358 $baseIP = self::normalizeIPv6($baseIP);
359 $values = self::trimExplode(',', $list, true);
360 foreach ($values as $test) {
361 $testList = explode('/', $test);
362 if (count($testList) === 2) {
363 list($test, $mask) = $testList;
364 } else {
365 $mask = false;
366 }
367 if (self::validIPv6($test)) {
368 $test = self::normalizeIPv6($test);
369 $maskInt = (int)$mask ?: 128;
370 // Special case; /0 is an allowed mask - equals a wildcard
371 if ($mask === '0') {
372 $success = true;
373 } elseif ($maskInt == 128) {
374 $success = $test === $baseIP;
375 } else {
376 $testBin = self::IPv6Hex2Bin($test);
377 $baseIPBin = self::IPv6Hex2Bin($baseIP);
378 $success = true;
379 // Modulo is 0 if this is a 8-bit-boundary
380 $maskIntModulo = $maskInt % 8;
381 $numFullCharactersUntilBoundary = (int)($maskInt / 8);
382 if (substr($testBin, 0, $numFullCharactersUntilBoundary) !== substr($baseIPBin, 0, $numFullCharactersUntilBoundary)) {
383 $success = false;
384 } elseif ($maskIntModulo > 0) {
385 // If not an 8-bit-boundary, check bits of last character
386 $testLastBits = str_pad(decbin(ord(substr($testBin, $numFullCharactersUntilBoundary, 1))), 8, '0', STR_PAD_LEFT);
387 $baseIPLastBits = str_pad(decbin(ord(substr($baseIPBin, $numFullCharactersUntilBoundary, 1))), 8, '0', STR_PAD_LEFT);
388 if (strncmp($testLastBits, $baseIPLastBits, $maskIntModulo) != 0) {
389 $success = false;
390 }
391 }
392 }
393 }
394 if ($success) {
395 return true;
396 }
397 }
398 return false;
399 }
400
401 /**
402 * Transform a regular IPv6 address from hex-representation into binary
403 *
404 * @param string $hex IPv6 address in hex-presentation
405 * @return string Binary representation (16 characters, 128 characters)
406 * @see IPv6Bin2Hex()
407 */
408 public static function IPv6Hex2Bin($hex)
409 {
410 return inet_pton($hex);
411 }
412
413 /**
414 * Transform an IPv6 address from binary to hex-representation
415 *
416 * @param string $bin IPv6 address in hex-presentation
417 * @return string Binary representation (16 characters, 128 characters)
418 * @see IPv6Hex2Bin()
419 */
420 public static function IPv6Bin2Hex($bin)
421 {
422 return inet_ntop($bin);
423 }
424
425 /**
426 * Normalize an IPv6 address to full length
427 *
428 * @param string $address Given IPv6 address
429 * @return string Normalized address
430 * @see compressIPv6()
431 */
432 public static function normalizeIPv6($address)
433 {
434 $normalizedAddress = '';
435 $stageOneAddress = '';
436 // According to RFC lowercase-representation is recommended
437 $address = strtolower($address);
438 // Normalized representation has 39 characters (0000:0000:0000:0000:0000:0000:0000:0000)
439 if (strlen($address) === 39) {
440 // Already in full expanded form
441 return $address;
442 }
443 // Count 2 if if address has hidden zero blocks
444 $chunks = explode('::', $address);
445 if (count($chunks) === 2) {
446 $chunksLeft = explode(':', $chunks[0]);
447 $chunksRight = explode(':', $chunks[1]);
448 $left = count($chunksLeft);
449 $right = count($chunksRight);
450 // Special case: leading zero-only blocks count to 1, should be 0
451 if ($left === 1 && strlen($chunksLeft[0]) === 0) {
452 $left = 0;
453 }
454 $hiddenBlocks = 8 - ($left + $right);
455 $hiddenPart = '';
456 $h = 0;
457 while ($h < $hiddenBlocks) {
458 $hiddenPart .= '0000:';
459 $h++;
460 }
461 if ($left === 0) {
462 $stageOneAddress = $hiddenPart . $chunks[1];
463 } else {
464 $stageOneAddress = $chunks[0] . ':' . $hiddenPart . $chunks[1];
465 }
466 } else {
467 $stageOneAddress = $address;
468 }
469 // Normalize the blocks:
470 $blocks = explode(':', $stageOneAddress);
471 $divCounter = 0;
472 foreach ($blocks as $block) {
473 $tmpBlock = '';
474 $i = 0;
475 $hiddenZeros = 4 - strlen($block);
476 while ($i < $hiddenZeros) {
477 $tmpBlock .= '0';
478 $i++;
479 }
480 $normalizedAddress .= $tmpBlock . $block;
481 if ($divCounter < 7) {
482 $normalizedAddress .= ':';
483 $divCounter++;
484 }
485 }
486 return $normalizedAddress;
487 }
488
489 /**
490 * Compress an IPv6 address to the shortest notation
491 *
492 * @param string $address Given IPv6 address
493 * @return string Compressed address
494 * @see normalizeIPv6()
495 */
496 public static function compressIPv6($address)
497 {
498 return inet_ntop(inet_pton($address));
499 }
500
501 /**
502 * Validate a given IP address.
503 *
504 * Possible format are IPv4 and IPv6.
505 *
506 * @param string $ip IP address to be tested
507 * @return bool TRUE if $ip is either of IPv4 or IPv6 format.
508 */
509 public static function validIP($ip)
510 {
511 return filter_var($ip, FILTER_VALIDATE_IP) !== false;
512 }
513
514 /**
515 * Validate a given IP address to the IPv4 address format.
516 *
517 * Example for possible format: 10.0.45.99
518 *
519 * @param string $ip IP address to be tested
520 * @return bool TRUE if $ip is of IPv4 format.
521 */
522 public static function validIPv4($ip)
523 {
524 return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
525 }
526
527 /**
528 * Validate a given IP address to the IPv6 address format.
529 *
530 * Example for possible format: 43FB::BB3F:A0A0:0 | ::1
531 *
532 * @param string $ip IP address to be tested
533 * @return bool TRUE if $ip is of IPv6 format.
534 */
535 public static function validIPv6($ip)
536 {
537 return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
538 }
539
540 /**
541 * Match fully qualified domain name with list of strings with wildcard
542 *
543 * @param string $baseHost A hostname or an IPv4/IPv6-address (will by reverse-resolved; typically REMOTE_ADDR)
544 * @param string $list A comma-list of domain names to match with. *-wildcard allowed but cannot be part of a string, so it must match the full host name (eg. myhost.*.com => correct, myhost.*domain.com => wrong)
545 * @return bool TRUE if a domain name mask from $list matches $baseIP
546 */
547 public static function cmpFQDN($baseHost, $list)
548 {
549 $baseHost = trim($baseHost);
550 if (empty($baseHost)) {
551 return false;
552 }
553 if (self::validIPv4($baseHost) || self::validIPv6($baseHost)) {
554 // Resolve hostname
555 // Note: this is reverse-lookup and can be randomly set as soon as somebody is able to set
556 // the reverse-DNS for his IP (security when for example used with REMOTE_ADDR)
557 $baseHostName = gethostbyaddr($baseHost);
558 if ($baseHostName === $baseHost) {
559 // Unable to resolve hostname
560 return false;
561 }
562 } else {
563 $baseHostName = $baseHost;
564 }
565 $baseHostNameParts = explode('.', $baseHostName);
566 $values = self::trimExplode(',', $list, true);
567 foreach ($values as $test) {
568 $hostNameParts = explode('.', $test);
569 // To match hostNameParts can only be shorter (in case of wildcards) or equal
570 $hostNamePartsCount = count($hostNameParts);
571 $baseHostNamePartsCount = count($baseHostNameParts);
572 if ($hostNamePartsCount > $baseHostNamePartsCount) {
573 continue;
574 }
575 $yes = true;
576 foreach ($hostNameParts as $index => $val) {
577 $val = trim($val);
578 if ($val === '*') {
579 // Wildcard valid for one or more hostname-parts
580 $wildcardStart = $index + 1;
581 // Wildcard as last/only part always matches, otherwise perform recursive checks
582 if ($wildcardStart < $hostNamePartsCount) {
583 $wildcardMatched = false;
584 $tempHostName = implode('.', array_slice($hostNameParts, $index + 1));
585 while ($wildcardStart < $baseHostNamePartsCount && !$wildcardMatched) {
586 $tempBaseHostName = implode('.', array_slice($baseHostNameParts, $wildcardStart));
587 $wildcardMatched = self::cmpFQDN($tempBaseHostName, $tempHostName);
588 $wildcardStart++;
589 }
590 if ($wildcardMatched) {
591 // Match found by recursive compare
592 return true;
593 }
594 $yes = false;
595 }
596 } elseif ($baseHostNameParts[$index] !== $val) {
597 // In case of no match
598 $yes = false;
599 }
600 }
601 if ($yes) {
602 return true;
603 }
604 }
605 return false;
606 }
607
608 /**
609 * Checks if a given URL matches the host that currently handles this HTTP request.
610 * Scheme, hostname and (optional) port of the given URL are compared.
611 *
612 * @param string $url URL to compare with the TYPO3 request host
613 * @return bool Whether the URL matches the TYPO3 request host
614 */
615 public static function isOnCurrentHost($url)
616 {
617 return stripos($url . '/', self::getIndpEnv('TYPO3_REQUEST_HOST') . '/') === 0;
618 }
619
620 /**
621 * Check for item in list
622 * Check if an item exists in a comma-separated list of items.
623 *
624 * @param string $list Comma-separated list of items (string)
625 * @param string $item Item to check for
626 * @return bool TRUE if $item is in $list
627 */
628 public static function inList($list, $item)
629 {
630 return strpos(',' . $list . ',', ',' . $item . ',') !== false;
631 }
632
633 /**
634 * Removes an item from a comma-separated list of items.
635 *
636 * If $element contains a comma, the behaviour of this method is undefined.
637 * Empty elements in the list are preserved.
638 *
639 * @param string $element Element to remove
640 * @param string $list Comma-separated list of items (string)
641 * @return string New comma-separated list of items
642 */
643 public static function rmFromList($element, $list)
644 {
645 $items = explode(',', $list);
646 foreach ($items as $k => $v) {
647 if ($v == $element) {
648 unset($items[$k]);
649 }
650 }
651 return implode(',', $items);
652 }
653
654 /**
655 * Expand a comma-separated list of integers with ranges (eg 1,3-5,7 becomes 1,3,4,5,7).
656 * Ranges are limited to 1000 values per range.
657 *
658 * @param string $list Comma-separated list of integers with ranges (string)
659 * @return string New comma-separated list of items
660 */
661 public static function expandList($list)
662 {
663 $items = explode(',', $list);
664 $list = [];
665 foreach ($items as $item) {
666 $range = explode('-', $item);
667 if (isset($range[1])) {
668 $runAwayBrake = 1000;
669 for ($n = $range[0]; $n <= $range[1]; $n++) {
670 $list[] = $n;
671 $runAwayBrake--;
672 if ($runAwayBrake <= 0) {
673 break;
674 }
675 }
676 } else {
677 $list[] = $item;
678 }
679 }
680 return implode(',', $list);
681 }
682
683 /**
684 * Makes a positive integer hash out of the first 7 chars from the md5 hash of the input
685 *
686 * @param string $str String to md5-hash
687 * @return int Returns 28bit integer-hash
688 */
689 public static function md5int($str)
690 {
691 return hexdec(substr(md5($str), 0, 7));
692 }
693
694 /**
695 * Returns the first 10 positions of the MD5-hash (changed from 6 to 10 recently)
696 *
697 * @param string $input Input string to be md5-hashed
698 * @param int $len The string-length of the output
699 * @return string Substring of the resulting md5-hash, being $len chars long (from beginning)
700 */
701 public static function shortMD5($input, $len = 10)
702 {
703 return substr(md5($input), 0, $len);
704 }
705
706 /**
707 * Returns a proper HMAC on a given input string and secret TYPO3 encryption key.
708 *
709 * @param string $input Input string to create HMAC from
710 * @param string $additionalSecret additionalSecret to prevent hmac being used in a different context
711 * @return string resulting (hexadecimal) HMAC currently with a length of 40 (HMAC-SHA-1)
712 */
713 public static function hmac($input, $additionalSecret = '')
714 {
715 $hashAlgorithm = 'sha1';
716 $hashBlocksize = 64;
717 $secret = $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . $additionalSecret;
718 if (extension_loaded('hash') && function_exists('hash_hmac') && function_exists('hash_algos') && in_array($hashAlgorithm, hash_algos())) {
719 $hmac = hash_hmac($hashAlgorithm, $input, $secret);
720 } else {
721 // Outer padding
722 $opad = str_repeat(chr(92), $hashBlocksize);
723 // Inner padding
724 $ipad = str_repeat(chr(54), $hashBlocksize);
725 if (strlen($secret) > $hashBlocksize) {
726 // Keys longer than block size are shorten
727 $key = str_pad(pack('H*', call_user_func($hashAlgorithm, $secret)), $hashBlocksize, "\0");
728 } else {
729 // Keys shorter than block size are zero-padded
730 $key = str_pad($secret, $hashBlocksize, "\0");
731 }
732 $hmac = call_user_func($hashAlgorithm, ($key ^ $opad) . pack('H*', call_user_func(
733 $hashAlgorithm,
734 ($key ^ $ipad) . $input
735 )));
736 }
737 return $hmac;
738 }
739
740 /**
741 * Takes comma-separated lists and arrays and removes all duplicates
742 * If a value in the list is trim(empty), the value is ignored.
743 *
744 * @param string $in_list Accept multiple parameters which can be comma-separated lists of values and arrays.
745 * @param mixed $secondParameter Dummy field, which if set will show a warning!
746 * @return string Returns the list without any duplicates of values, space around values are trimmed
747 */
748 public static function uniqueList($in_list, $secondParameter = null)
749 {
750 if (is_array($in_list)) {
751 throw new \InvalidArgumentException('TYPO3 Fatal Error: TYPO3\\CMS\\Core\\Utility\\GeneralUtility::uniqueList() does NOT support array arguments anymore! Only string comma lists!', 1270853885);
752 }
753 if (isset($secondParameter)) {
754 throw new \InvalidArgumentException('TYPO3 Fatal Error: TYPO3\\CMS\\Core\\Utility\\GeneralUtility::uniqueList() does NOT support more than a single argument value anymore. You have specified more than one!', 1270853886);
755 }
756 return implode(',', array_unique(self::trimExplode(',', $in_list, true)));
757 }
758
759 /**
760 * Splits a reference to a file in 5 parts
761 *
762 * @param string $fileNameWithPath File name with path to be analysed (must exist if open_basedir is set)
763 * @return array Contains keys [path], [file], [filebody], [fileext], [realFileext]
764 */
765 public static function split_fileref($fileNameWithPath)
766 {
767 $reg = [];
768 if (preg_match('/(.*\\/)(.*)$/', $fileNameWithPath, $reg)) {
769 $info['path'] = $reg[1];
770 $info['file'] = $reg[2];
771 } else {
772 $info['path'] = '';
773 $info['file'] = $fileNameWithPath;
774 }
775 $reg = '';
776 // If open_basedir is set and the fileName was supplied without a path the is_dir check fails
777 if (!is_dir($fileNameWithPath) && preg_match('/(.*)\\.([^\\.]*$)/', $info['file'], $reg)) {
778 $info['filebody'] = $reg[1];
779 $info['fileext'] = strtolower($reg[2]);
780 $info['realFileext'] = $reg[2];
781 } else {
782 $info['filebody'] = $info['file'];
783 $info['fileext'] = '';
784 }
785 reset($info);
786 return $info;
787 }
788
789 /**
790 * Returns the directory part of a path without trailing slash
791 * If there is no dir-part, then an empty string is returned.
792 * Behaviour:
793 *
794 * '/dir1/dir2/script.php' => '/dir1/dir2'
795 * '/dir1/' => '/dir1'
796 * 'dir1/script.php' => 'dir1'
797 * 'd/script.php' => 'd'
798 * '/script.php' => ''
799 * '' => ''
800 *
801 * @param string $path Directory name / path
802 * @return string Processed input value. See function description.
803 */
804 public static function dirname($path)
805 {
806 $p = self::revExplode('/', $path, 2);
807 return count($p) === 2 ? $p[0] : '';
808 }
809
810 /**
811 * Returns TRUE if the first part of $str matches the string $partStr
812 *
813 * @param string $str Full string to check
814 * @param string $partStr Reference string which must be found as the "first part" of the full string
815 * @return bool TRUE if $partStr was found to be equal to the first part of $str
816 */
817 public static function isFirstPartOfStr($str, $partStr)
818 {
819 $str = is_array($str) ? '' : (string)$str;
820 $partStr = is_array($partStr) ? '' : (string)$partStr;
821 return $partStr !== '' && strpos($str, $partStr, 0) === 0;
822 }
823
824 /**
825 * Formats the input integer $sizeInBytes as bytes/kilobytes/megabytes (-/K/M)
826 *
827 * @param int $sizeInBytes Number of bytes to format.
828 * @param string $labels Binary unit name "iec", decimal unit name "si" or labels for bytes, kilo, mega, giga, and so on separated by vertical bar (|) and possibly encapsulated in "". Eg: " | K| M| G". Defaults to "iec".
829 * @param int $base The unit base if not using a unit name. Defaults to 1024.
830 * @return string Formatted representation of the byte number, for output.
831 */
832 public static function formatSize($sizeInBytes, $labels = '', $base = 0)
833 {
834 $defaultFormats = [
835 'iec' => ['base' => 1024, 'labels' => [' ', ' Ki', ' Mi', ' Gi', ' Ti', ' Pi', ' Ei', ' Zi', ' Yi']],
836 'si' => ['base' => 1000, 'labels' => [' ', ' k', ' M', ' G', ' T', ' P', ' E', ' Z', ' Y']],
837 ];
838 // Set labels and base:
839 if (empty($labels)) {
840 $labels = 'iec';
841 }
842 if (isset($defaultFormats[$labels])) {
843 $base = $defaultFormats[$labels]['base'];
844 $labelArr = $defaultFormats[$labels]['labels'];
845 } else {
846 $base = (int)$base;
847 if ($base !== 1000 && $base !== 1024) {
848 $base = 1024;
849 }
850 $labelArr = explode('|', str_replace('"', '', $labels));
851 }
852 // @todo find out which locale is used for current BE user to cover the BE case as well
853 $oldLocale = setlocale(LC_NUMERIC, 0);
854 $newLocale = $GLOBALS['TSFE']->config['config']['locale_all'] ?? '';
855 if ($newLocale) {
856 setlocale(LC_NUMERIC, $newLocale);
857 }
858 $localeInfo = localeconv();
859 if ($newLocale) {
860 setlocale(LC_NUMERIC, $oldLocale);
861 }
862 $sizeInBytes = max($sizeInBytes, 0);
863 $multiplier = floor(($sizeInBytes ? log($sizeInBytes) : 0) / log($base));
864 $sizeInUnits = $sizeInBytes / pow($base, $multiplier);
865 if ($sizeInUnits > ($base * .9)) {
866 $multiplier++;
867 }
868 $multiplier = min($multiplier, count($labelArr) - 1);
869 $sizeInUnits = $sizeInBytes / pow($base, $multiplier);
870 return number_format($sizeInUnits, (($multiplier > 0) && ($sizeInUnits < 20)) ? 2 : 0, $localeInfo['decimal_point'], '') . $labelArr[$multiplier];
871 }
872
873 /**
874 * This splits a string by the chars in $operators (typical /+-*) and returns an array with them in
875 *
876 * @param string $string Input string, eg "123 + 456 / 789 - 4
877 * @param string $operators Operators to split by, typically "/+-*
878 * @return array Array with operators and operands separated.
879 * @see \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::calc(), \TYPO3\CMS\Frontend\Imaging\GifBuilder::calcOffset()
880 */
881 public static function splitCalc($string, $operators)
882 {
883 $res = [];
884 $sign = '+';
885 while ($string) {
886 $valueLen = strcspn($string, $operators);
887 $value = substr($string, 0, $valueLen);
888 $res[] = [$sign, trim($value)];
889 $sign = substr($string, $valueLen, 1);
890 $string = substr($string, $valueLen + 1);
891 }
892 reset($res);
893 return $res;
894 }
895
896 /**
897 * Checking syntax of input email address
898 *
899 * http://tools.ietf.org/html/rfc3696
900 * International characters are allowed in email. So the whole address needs
901 * to be converted to punicode before passing it to filter_var(). We convert
902 * the user- and domain part separately to increase the chance of hitting an
903 * entry in self::$idnaStringCache.
904 *
905 * Also the @ sign may appear multiple times in an address. If not used as
906 * a boundary marker between the user- and domain part, it must be escaped
907 * with a backslash: \@. This mean we can not just explode on the @ sign and
908 * expect to get just two parts. So we pop off the domain and then glue the
909 * rest together again.
910 *
911 * @param string $email Input string to evaluate
912 * @return bool Returns TRUE if the $email address (input string) is valid
913 */
914 public static function validEmail($email)
915 {
916 // Early return in case input is not a string
917 if (!is_string($email)) {
918 return false;
919 }
920 $atPosition = strrpos($email, '@');
921 if (!$atPosition || $atPosition + 1 === strlen($email)) {
922 // Return if no @ found or it is placed at the very beginning or end of the email
923 return false;
924 }
925 $domain = substr($email, $atPosition + 1);
926 $user = substr($email, 0, $atPosition);
927 if (!preg_match('/^[a-z0-9.\\-]*$/i', $domain)) {
928 try {
929 $domain = self::idnaEncode($domain);
930 } catch (\InvalidArgumentException $exception) {
931 return false;
932 }
933 }
934 return filter_var($user . '@' . $domain, FILTER_VALIDATE_EMAIL) !== false;
935 }
936
937 /**
938 * Returns an ASCII string (punicode) representation of $value
939 *
940 * @param string $value
941 * @return string An ASCII encoded (punicode) string
942 */
943 public static function idnaEncode($value)
944 {
945 if (isset(self::$idnaStringCache[$value])) {
946 return self::$idnaStringCache[$value];
947 }
948 if (!self::$idnaConverter) {
949 self::$idnaConverter = new \Mso\IdnaConvert\IdnaConvert(['idn_version' => 2008]);
950 }
951 self::$idnaStringCache[$value] = self::$idnaConverter->encode($value);
952 return self::$idnaStringCache[$value];
953 }
954
955 /**
956 * Returns a given string with underscores as UpperCamelCase.
957 * Example: Converts blog_example to BlogExample
958 *
959 * @param string $string String to be converted to camel case
960 * @return string UpperCamelCasedWord
961 */
962 public static function underscoredToUpperCamelCase($string)
963 {
964 return str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower($string))));
965 }
966
967 /**
968 * Returns a given string with underscores as lowerCamelCase.
969 * Example: Converts minimal_value to minimalValue
970 *
971 * @param string $string String to be converted to camel case
972 * @return string lowerCamelCasedWord
973 */
974 public static function underscoredToLowerCamelCase($string)
975 {
976 return lcfirst(str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower($string)))));
977 }
978
979 /**
980 * Returns a given CamelCasedString as an lowercase string with underscores.
981 * Example: Converts BlogExample to blog_example, and minimalValue to minimal_value
982 *
983 * @param string $string String to be converted to lowercase underscore
984 * @return string lowercase_and_underscored_string
985 */
986 public static function camelCaseToLowerCaseUnderscored($string)
987 {
988 $value = preg_replace('/(?<=\\w)([A-Z])/', '_\\1', $string);
989 return mb_strtolower($value, 'utf-8');
990 }
991
992 /**
993 * Checks if a given string is a Uniform Resource Locator (URL).
994 *
995 * On seriously malformed URLs, parse_url may return FALSE and emit an
996 * E_WARNING.
997 *
998 * filter_var() requires a scheme to be present.
999 *
1000 * http://www.faqs.org/rfcs/rfc2396.html
1001 * Scheme names consist of a sequence of characters beginning with a
1002 * lower case letter and followed by any combination of lower case letters,
1003 * digits, plus ("+"), period ("."), or hyphen ("-"). For resiliency,
1004 * programs interpreting URI should treat upper case letters as equivalent to
1005 * lower case in scheme names (e.g., allow "HTTP" as well as "http").
1006 * scheme = alpha *( alpha | digit | "+" | "-" | "." )
1007 *
1008 * Convert the domain part to punicode if it does not look like a regular
1009 * domain name. Only the domain part because RFC3986 specifies the the rest of
1010 * the url may not contain special characters:
1011 * http://tools.ietf.org/html/rfc3986#appendix-A
1012 *
1013 * @param string $url The URL to be validated
1014 * @return bool Whether the given URL is valid
1015 */
1016 public static function isValidUrl($url)
1017 {
1018 $parsedUrl = parse_url($url);
1019 if (!$parsedUrl || !isset($parsedUrl['scheme'])) {
1020 return false;
1021 }
1022 // HttpUtility::buildUrl() will always build urls with <scheme>://
1023 // our original $url might only contain <scheme>: (e.g. mail:)
1024 // so we convert that to the double-slashed version to ensure
1025 // our check against the $recomposedUrl is proper
1026 if (!self::isFirstPartOfStr($url, $parsedUrl['scheme'] . '://')) {
1027 $url = str_replace($parsedUrl['scheme'] . ':', $parsedUrl['scheme'] . '://', $url);
1028 }
1029 $recomposedUrl = HttpUtility::buildUrl($parsedUrl);
1030 if ($recomposedUrl !== $url) {
1031 // The parse_url() had to modify characters, so the URL is invalid
1032 return false;
1033 }
1034 if (isset($parsedUrl['host']) && !preg_match('/^[a-z0-9.\\-]*$/i', $parsedUrl['host'])) {
1035 try {
1036 $parsedUrl['host'] = self::idnaEncode($parsedUrl['host']);
1037 } catch (\InvalidArgumentException $exception) {
1038 return false;
1039 }
1040 }
1041 return filter_var(HttpUtility::buildUrl($parsedUrl), FILTER_VALIDATE_URL) !== false;
1042 }
1043
1044 /*************************
1045 *
1046 * ARRAY FUNCTIONS
1047 *
1048 *************************/
1049
1050 /**
1051 * Explodes a $string delimited by $delimiter and casts each item in the array to (int).
1052 * Corresponds to \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(), but with conversion to integers for all values.
1053 *
1054 * @param string $delimiter Delimiter string to explode with
1055 * @param string $string The string to explode
1056 * @param bool $removeEmptyValues If set, all empty values (='') will NOT be set in output
1057 * @param int $limit If positive, the result will contain a maximum of limit elements,
1058 * @return array Exploded values, all converted to integers
1059 */
1060 public static function intExplode($delimiter, $string, $removeEmptyValues = false, $limit = 0)
1061 {
1062 $result = explode($delimiter, $string);
1063 foreach ($result as $key => &$value) {
1064 if ($removeEmptyValues && ($value === '' || trim($value) === '')) {
1065 unset($result[$key]);
1066 } else {
1067 $value = (int)$value;
1068 }
1069 }
1070 unset($value);
1071 if ($limit !== 0) {
1072 if ($limit < 0) {
1073 $result = array_slice($result, 0, $limit);
1074 } elseif (count($result) > $limit) {
1075 $lastElements = array_slice($result, $limit - 1);
1076 $result = array_slice($result, 0, $limit - 1);
1077 $result[] = implode($delimiter, $lastElements);
1078 }
1079 }
1080 return $result;
1081 }
1082
1083 /**
1084 * Reverse explode which explodes the string counting from behind.
1085 *
1086 * Note: The delimiter has to given in the reverse order as
1087 * it is occurring within the string.
1088 *
1089 * GeneralUtility::revExplode('[]', '[my][words][here]', 2)
1090 * ==> array('[my][words', 'here]')
1091 *
1092 * @param string $delimiter Delimiter string to explode with
1093 * @param string $string The string to explode
1094 * @param int $count Number of array entries
1095 * @return array Exploded values
1096 */
1097 public static function revExplode($delimiter, $string, $count = 0)
1098 {
1099 // 2 is the (currently, as of 2014-02) most-used value for $count in the core, therefore we check it first
1100 if ($count === 2) {
1101 $position = strrpos($string, strrev($delimiter));
1102 if ($position !== false) {
1103 return [substr($string, 0, $position), substr($string, $position + strlen($delimiter))];
1104 }
1105 return [$string];
1106 }
1107 if ($count <= 1) {
1108 return [$string];
1109 }
1110 $explodedValues = explode($delimiter, strrev($string), $count);
1111 $explodedValues = array_map('strrev', $explodedValues);
1112 return array_reverse($explodedValues);
1113 }
1114
1115 /**
1116 * Explodes a string and trims all values for whitespace in the end.
1117 * If $onlyNonEmptyValues is set, then all blank ('') values are removed.
1118 *
1119 * @param string $delim Delimiter string to explode with
1120 * @param string $string The string to explode
1121 * @param bool $removeEmptyValues If set, all empty values will be removed in output
1122 * @param int $limit If limit is set and positive, the returned array will contain a maximum of limit elements with
1123 * the last element containing the rest of string. If the limit parameter is negative, all components
1124 * except the last -limit are returned.
1125 * @return array Exploded values
1126 */
1127 public static function trimExplode($delim, $string, $removeEmptyValues = false, $limit = 0)
1128 {
1129 $result = explode($delim, $string);
1130 if ($removeEmptyValues) {
1131 $temp = [];
1132 foreach ($result as $value) {
1133 if (trim($value) !== '') {
1134 $temp[] = $value;
1135 }
1136 }
1137 $result = $temp;
1138 }
1139 if ($limit > 0 && count($result) > $limit) {
1140 $lastElements = array_splice($result, $limit - 1);
1141 $result[] = implode($delim, $lastElements);
1142 } elseif ($limit < 0) {
1143 $result = array_slice($result, 0, $limit);
1144 }
1145 $result = array_map('trim', $result);
1146 return $result;
1147 }
1148
1149 /**
1150 * Implodes a multidim-array into GET-parameters (eg. &param[key][key2]=value2&param[key][key3]=value3)
1151 *
1152 * @param string $name Name prefix for entries. Set to blank if you wish none.
1153 * @param array $theArray The (multidimensional) array to implode
1154 * @param string $str (keep blank)
1155 * @param bool $skipBlank If set, parameters which were blank strings would be removed.
1156 * @param bool $rawurlencodeParamName If set, the param name itself (for example "param[key][key2]") would be rawurlencoded as well.
1157 * @return string Imploded result, fx. &param[key][key2]=value2&param[key][key3]=value3
1158 * @see explodeUrl2Array()
1159 */
1160 public static function implodeArrayForUrl($name, array $theArray, $str = '', $skipBlank = false, $rawurlencodeParamName = false)
1161 {
1162 foreach ($theArray as $Akey => $AVal) {
1163 $thisKeyName = $name ? $name . '[' . $Akey . ']' : $Akey;
1164 if (is_array($AVal)) {
1165 $str = self::implodeArrayForUrl($thisKeyName, $AVal, $str, $skipBlank, $rawurlencodeParamName);
1166 } else {
1167 if (!$skipBlank || (string)$AVal !== '') {
1168 $str .= '&' . ($rawurlencodeParamName ? rawurlencode($thisKeyName) : $thisKeyName) . '=' . rawurlencode($AVal);
1169 }
1170 }
1171 }
1172 return $str;
1173 }
1174
1175 /**
1176 * Explodes a string with GETvars (eg. "&id=1&type=2&ext[mykey]=3") into an array.
1177 *
1178 * Note! If you want to use a multi-dimensional string, consider this plain simple PHP code instead:
1179 *
1180 * $result = [];
1181 * parse_str($queryParametersAsString, $result);
1182 *
1183 * However, if you do magic with a flat structure (e.g. keeping "ext[mykey]" as flat key in a one-dimensional array)
1184 * then this method is for you.
1185 *
1186 * @param string $string GETvars string
1187 * @param bool $multidim If set, the string will be parsed into a multidimensional array if square brackets are used in variable names (using PHP function parse_str())
1188 * @return array Array of values. All values AND keys are rawurldecoded() as they properly should be. But this means that any implosion of the array again must rawurlencode it!
1189 * @see implodeArrayForUrl()
1190 */
1191 public static function explodeUrl2Array($string, $multidim = null)
1192 {
1193 $output = [];
1194 if ($multidim) {
1195 trigger_error('GeneralUtility::explodeUrl2Array() with a multi-dimensional explode functionality will be removed in TYPO3 v10.0. is built-in PHP with "parse_str($input, $output);". Use the native PHP methods instead.', E_USER_DEPRECATED);
1196 parse_str($string, $output);
1197 } else {
1198 if ($multidim !== null) {
1199 trigger_error('GeneralUtility::explodeUrl2Array() does not need a second method argument anymore, and will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
1200 }
1201 $p = explode('&', $string);
1202 foreach ($p as $v) {
1203 if ($v !== '') {
1204 list($pK, $pV) = explode('=', $v, 2);
1205 $output[rawurldecode($pK)] = rawurldecode($pV);
1206 }
1207 }
1208 }
1209 return $output;
1210 }
1211
1212 /**
1213 * Returns an array with selected keys from incoming data.
1214 * (Better read source code if you want to find out...)
1215 *
1216 * @param string $varList List of variable/key names
1217 * @param array $getArray Array from where to get values based on the keys in $varList
1218 * @param bool $GPvarAlt If set, then \TYPO3\CMS\Core\Utility\GeneralUtility::_GP() is used to fetch the value if not found (isset) in the $getArray
1219 * @return array Output array with selected variables.
1220 */
1221 public static function compileSelectedGetVarsFromArray($varList, array $getArray, $GPvarAlt = true)
1222 {
1223 $keys = self::trimExplode(',', $varList, true);
1224 $outArr = [];
1225 foreach ($keys as $v) {
1226 if (isset($getArray[$v])) {
1227 $outArr[$v] = $getArray[$v];
1228 } elseif ($GPvarAlt) {
1229 $outArr[$v] = self::_GP($v);
1230 }
1231 }
1232 return $outArr;
1233 }
1234
1235 /**
1236 * Removes dots "." from end of a key identifier of TypoScript styled array.
1237 * array('key.' => array('property.' => 'value')) --> array('key' => array('property' => 'value'))
1238 *
1239 * @param array $ts TypoScript configuration array
1240 * @return array TypoScript configuration array without dots at the end of all keys
1241 */
1242 public static function removeDotsFromTS(array $ts)
1243 {
1244 $out = [];
1245 foreach ($ts as $key => $value) {
1246 if (is_array($value)) {
1247 $key = rtrim($key, '.');
1248 $out[$key] = self::removeDotsFromTS($value);
1249 } else {
1250 $out[$key] = $value;
1251 }
1252 }
1253 return $out;
1254 }
1255
1256 /*************************
1257 *
1258 * HTML/XML PROCESSING
1259 *
1260 *************************/
1261 /**
1262 * Returns an array with all attributes of the input HTML tag as key/value pairs. Attributes are only lowercase a-z
1263 * $tag is either a whole tag (eg '<TAG OPTION ATTRIB=VALUE>') or the parameter list (ex ' OPTION ATTRIB=VALUE>')
1264 * If an attribute is empty, then the value for the key is empty. You can check if it existed with isset()
1265 *
1266 * @param string $tag HTML-tag string (or attributes only)
1267 * @return array Array with the attribute values.
1268 */
1269 public static function get_tag_attributes($tag)
1270 {
1271 $components = self::split_tag_attributes($tag);
1272 // Attribute name is stored here
1273 $name = '';
1274 $valuemode = false;
1275 $attributes = [];
1276 foreach ($components as $key => $val) {
1277 // Only if $name is set (if there is an attribute, that waits for a value), that valuemode is enabled. This ensures that the attribute is assigned it's value
1278 if ($val !== '=') {
1279 if ($valuemode) {
1280 if ($name) {
1281 $attributes[$name] = $val;
1282 $name = '';
1283 }
1284 } else {
1285 if ($key = strtolower(preg_replace('/[^[:alnum:]_\\:\\-]/', '', $val))) {
1286 $attributes[$key] = '';
1287 $name = $key;
1288 }
1289 }
1290 $valuemode = false;
1291 } else {
1292 $valuemode = true;
1293 }
1294 }
1295 return $attributes;
1296 }
1297
1298 /**
1299 * Returns an array with the 'components' from an attribute list from an HTML tag. The result is normally analyzed by get_tag_attributes
1300 * Removes tag-name if found
1301 *
1302 * @param string $tag HTML-tag string (or attributes only)
1303 * @return array Array with the attribute values.
1304 */
1305 public static function split_tag_attributes($tag)
1306 {
1307 $tag_tmp = trim(preg_replace('/^<[^[:space:]]*/', '', trim($tag)));
1308 // Removes any > in the end of the string
1309 $tag_tmp = trim(rtrim($tag_tmp, '>'));
1310 $value = [];
1311 // Compared with empty string instead , 030102
1312 while ($tag_tmp !== '') {
1313 $firstChar = $tag_tmp[0];
1314 if ($firstChar === '"' || $firstChar === '\'') {
1315 $reg = explode($firstChar, $tag_tmp, 3);
1316 $value[] = $reg[1];
1317 $tag_tmp = trim($reg[2]);
1318 } elseif ($firstChar === '=') {
1319 $value[] = '=';
1320 // Removes = chars.
1321 $tag_tmp = trim(substr($tag_tmp, 1));
1322 } else {
1323 // There are '' around the value. We look for the next ' ' or '>'
1324 $reg = preg_split('/[[:space:]=]/', $tag_tmp, 2);
1325 $value[] = trim($reg[0]);
1326 $tag_tmp = trim(substr($tag_tmp, strlen($reg[0]), 1) . ($reg[1] ?? ''));
1327 }
1328 }
1329 reset($value);
1330 return $value;
1331 }
1332
1333 /**
1334 * Implodes attributes in the array $arr for an attribute list in eg. and HTML tag (with quotes)
1335 *
1336 * @param array $arr Array with attribute key/value pairs, eg. "bgcolor"=>"red", "border"=>0
1337 * @param bool $xhtmlSafe If set the resulting attribute list will have a) all attributes in lowercase (and duplicates weeded out, first entry taking precedence) and b) all values htmlspecialchar()'ed. It is recommended to use this switch!
1338 * @param bool $dontOmitBlankAttribs If TRUE, don't check if values are blank. Default is to omit attributes with blank values.
1339 * @return string Imploded attributes, eg. 'bgcolor="red" border="0"'
1340 */
1341 public static function implodeAttributes(array $arr, $xhtmlSafe = false, $dontOmitBlankAttribs = false)
1342 {
1343 if ($xhtmlSafe) {
1344 $newArr = [];
1345 foreach ($arr as $p => $v) {
1346 if (!isset($newArr[strtolower($p)])) {
1347 $newArr[strtolower($p)] = htmlspecialchars($v);
1348 }
1349 }
1350 $arr = $newArr;
1351 }
1352 $list = [];
1353 foreach ($arr as $p => $v) {
1354 if ((string)$v !== '' || $dontOmitBlankAttribs) {
1355 $list[] = $p . '="' . $v . '"';
1356 }
1357 }
1358 return implode(' ', $list);
1359 }
1360
1361 /**
1362 * Wraps JavaScript code XHTML ready with <script>-tags
1363 * Automatic re-indenting of the JS code is done by using the first line as indent reference.
1364 * This is nice for indenting JS code with PHP code on the same level.
1365 *
1366 * @param string $string JavaScript code
1367 * @return string The wrapped JS code, ready to put into a XHTML page
1368 */
1369 public static function wrapJS($string)
1370 {
1371 if (trim($string)) {
1372 // remove nl from the beginning
1373 $string = ltrim($string, LF);
1374 // re-ident to one tab using the first line as reference
1375 $match = [];
1376 if (preg_match('/^(\\t+)/', $string, $match)) {
1377 $string = str_replace($match[1], "\t", $string);
1378 }
1379 return '<script type="text/javascript">
1380 /*<![CDATA[*/
1381 ' . $string . '
1382 /*]]>*/
1383 </script>';
1384 }
1385 return '';
1386 }
1387
1388 /**
1389 * Parses XML input into a PHP array with associative keys
1390 *
1391 * @param string $string XML data input
1392 * @param int $depth Number of element levels to resolve the XML into an array. Any further structure will be set as XML.
1393 * @param array $parserOptions Options that will be passed to PHP's xml_parser_set_option()
1394 * @return mixed The array with the parsed structure unless the XML parser returns with an error in which case the error message string is returned.
1395 */
1396 public static function xml2tree($string, $depth = 999, $parserOptions = [])
1397 {
1398 // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
1399 $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
1400 $parser = xml_parser_create();
1401 $vals = [];
1402 $index = [];
1403 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
1404 xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 0);
1405 foreach ($parserOptions as $option => $value) {
1406 xml_parser_set_option($parser, $option, $value);
1407 }
1408 xml_parse_into_struct($parser, $string, $vals, $index);
1409 libxml_disable_entity_loader($previousValueOfEntityLoader);
1410 if (xml_get_error_code($parser)) {
1411 return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser));
1412 }
1413 xml_parser_free($parser);
1414 $stack = [[]];
1415 $stacktop = 0;
1416 $startPoint = 0;
1417 $tagi = [];
1418 foreach ($vals as $key => $val) {
1419 $type = $val['type'];
1420 // open tag:
1421 if ($type === 'open' || $type === 'complete') {
1422 $stack[$stacktop++] = $tagi;
1423 if ($depth == $stacktop) {
1424 $startPoint = $key;
1425 }
1426 $tagi = ['tag' => $val['tag']];
1427 if (isset($val['attributes'])) {
1428 $tagi['attrs'] = $val['attributes'];
1429 }
1430 if (isset($val['value'])) {
1431 $tagi['values'][] = $val['value'];
1432 }
1433 }
1434 // finish tag:
1435 if ($type === 'complete' || $type === 'close') {
1436 $oldtagi = $tagi;
1437 $tagi = $stack[--$stacktop];
1438 $oldtag = $oldtagi['tag'];
1439 unset($oldtagi['tag']);
1440 if ($depth == $stacktop + 1) {
1441 if ($key - $startPoint > 0) {
1442 $partArray = array_slice($vals, $startPoint + 1, $key - $startPoint - 1);
1443 $oldtagi['XMLvalue'] = self::xmlRecompileFromStructValArray($partArray);
1444 } else {
1445 $oldtagi['XMLvalue'] = $oldtagi['values'][0];
1446 }
1447 }
1448 $tagi['ch'][$oldtag][] = $oldtagi;
1449 unset($oldtagi);
1450 }
1451 // cdata
1452 if ($type === 'cdata') {
1453 $tagi['values'][] = $val['value'];
1454 }
1455 }
1456 return $tagi['ch'];
1457 }
1458
1459 /**
1460 * Converts a PHP array into an XML string.
1461 * The XML output is optimized for readability since associative keys are used as tag names.
1462 * This also means that only alphanumeric characters are allowed in the tag names AND only keys NOT starting with numbers (so watch your usage of keys!). However there are options you can set to avoid this problem.
1463 * Numeric keys are stored with the default tag name "numIndex" but can be overridden to other formats)
1464 * The function handles input values from the PHP array in a binary-safe way; All characters below 32 (except 9,10,13) will trigger the content to be converted to a base64-string
1465 * The PHP variable type of the data IS preserved as long as the types are strings, arrays, integers and booleans. Strings are the default type unless the "type" attribute is set.
1466 * The output XML has been tested with the PHP XML-parser and parses OK under all tested circumstances with 4.x versions. However, with PHP5 there seems to be the need to add an XML prologue a la <?xml version="1.0" encoding="[charset]" standalone="yes" ?> - otherwise UTF-8 is assumed! Unfortunately, many times the output from this function is used without adding that prologue meaning that non-ASCII characters will break the parsing!! This suchs of course! Effectively it means that the prologue should always be prepended setting the right characterset, alternatively the system should always run as utf-8!
1467 * However using MSIE to read the XML output didn't always go well: One reason could be that the character encoding is not observed in the PHP data. The other reason may be if the tag-names are invalid in the eyes of MSIE. Also using the namespace feature will make MSIE break parsing. There might be more reasons...
1468 *
1469 * @param array $array The input PHP array with any kind of data; text, binary, integers. Not objects though.
1470 * @param string $NSprefix tag-prefix, eg. a namespace prefix like "T3:"
1471 * @param int $level Current recursion level. Don't change, stay at zero!
1472 * @param string $docTag Alternative document tag. Default is "phparray".
1473 * @param int $spaceInd If greater than zero, then the number of spaces corresponding to this number is used for indenting, if less than zero - no indentation, if zero - a single TAB is used
1474 * @param array $options Options for the compilation. Key "useNindex" => 0/1 (boolean: whether to use "n0, n1, n2" for num. indexes); Key "useIndexTagForNum" => "[tag for numerical indexes]"; Key "useIndexTagForAssoc" => "[tag for associative indexes"; Key "parentTagMap" => array('parentTag' => 'thisLevelTag')
1475 * @param array $stackData Stack data. Don't touch.
1476 * @return string An XML string made from the input content in the array.
1477 * @see xml2array()
1478 */
1479 public static function array2xml(array $array, $NSprefix = '', $level = 0, $docTag = 'phparray', $spaceInd = 0, array $options = [], array $stackData = [])
1480 {
1481 // The list of byte values which will trigger binary-safe storage. If any value has one of these char values in it, it will be encoded in base64
1482 $binaryChars = "\0" . chr(1) . chr(2) . chr(3) . chr(4) . chr(5) . chr(6) . chr(7) . chr(8) . chr(11) . chr(12) . chr(14) . chr(15) . chr(16) . chr(17) . chr(18) . chr(19) . chr(20) . chr(21) . chr(22) . chr(23) . chr(24) . chr(25) . chr(26) . chr(27) . chr(28) . chr(29) . chr(30) . chr(31);
1483 // Set indenting mode:
1484 $indentChar = $spaceInd ? ' ' : "\t";
1485 $indentN = $spaceInd > 0 ? $spaceInd : 1;
1486 $nl = $spaceInd >= 0 ? LF : '';
1487 // Init output variable:
1488 $output = '';
1489 // Traverse the input array
1490 foreach ($array as $k => $v) {
1491 $attr = '';
1492 $tagName = $k;
1493 // Construct the tag name.
1494 // Use tag based on grand-parent + parent tag name
1495 if (isset($stackData['grandParentTagName'], $stackData['parentTagName'], $options['grandParentTagMap'][$stackData['grandParentTagName'] . '/' . $stackData['parentTagName']])) {
1496 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1497 $tagName = (string)$options['grandParentTagMap'][$stackData['grandParentTagName'] . '/' . $stackData['parentTagName']];
1498 } elseif (isset($stackData['parentTagName'], $options['parentTagMap'][$stackData['parentTagName'] . ':_IS_NUM']) && MathUtility::canBeInterpretedAsInteger($tagName)) {
1499 // Use tag based on parent tag name + if current tag is numeric
1500 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1501 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName'] . ':_IS_NUM'];
1502 } elseif (isset($stackData['parentTagName'], $options['parentTagMap'][$stackData['parentTagName'] . ':' . $tagName])) {
1503 // Use tag based on parent tag name + current tag
1504 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1505 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName'] . ':' . $tagName];
1506 } elseif (isset($stackData['parentTagName'], $options['parentTagMap'][$stackData['parentTagName']])) {
1507 // Use tag based on parent tag name:
1508 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1509 $tagName = (string)$options['parentTagMap'][$stackData['parentTagName']];
1510 } elseif (MathUtility::canBeInterpretedAsInteger($tagName)) {
1511 // If integer...;
1512 if ($options['useNindex']) {
1513 // If numeric key, prefix "n"
1514 $tagName = 'n' . $tagName;
1515 } else {
1516 // Use special tag for num. keys:
1517 $attr .= ' index="' . $tagName . '"';
1518 $tagName = $options['useIndexTagForNum'] ?: 'numIndex';
1519 }
1520 } elseif (!empty($options['useIndexTagForAssoc'])) {
1521 // Use tag for all associative keys:
1522 $attr .= ' index="' . htmlspecialchars($tagName) . '"';
1523 $tagName = $options['useIndexTagForAssoc'];
1524 }
1525 // The tag name is cleaned up so only alphanumeric chars (plus - and _) are in there and not longer than 100 chars either.
1526 $tagName = substr(preg_replace('/[^[:alnum:]_-]/', '', $tagName), 0, 100);
1527 // If the value is an array then we will call this function recursively:
1528 if (is_array($v)) {
1529 // Sub elements:
1530 if (isset($options['alt_options']) && $options['alt_options'][($stackData['path'] ?? '') . '/' . $tagName]) {
1531 $subOptions = $options['alt_options'][$stackData['path'] . '/' . $tagName];
1532 $clearStackPath = $subOptions['clearStackPath'];
1533 } else {
1534 $subOptions = $options;
1535 $clearStackPath = false;
1536 }
1537 if (empty($v)) {
1538 $content = '';
1539 } else {
1540 $content = $nl . self::array2xml($v, $NSprefix, $level + 1, '', $spaceInd, $subOptions, [
1541 'parentTagName' => $tagName,
1542 'grandParentTagName' => $stackData['parentTagName'] ?? '',
1543 'path' => $clearStackPath ? '' : ($stackData['path'] ?? '') . '/' . $tagName
1544 ]) . ($spaceInd >= 0 ? str_pad('', ($level + 1) * $indentN, $indentChar) : '');
1545 }
1546 // Do not set "type = array". Makes prettier XML but means that empty arrays are not restored with xml2array
1547 if (!isset($options['disableTypeAttrib']) || (int)$options['disableTypeAttrib'] != 2) {
1548 $attr .= ' type="array"';
1549 }
1550 } else {
1551 // Just a value:
1552 // Look for binary chars:
1553 $vLen = strlen($v);
1554 // Go for base64 encoding if the initial segment NOT matching any binary char has the same length as the whole string!
1555 if ($vLen && strcspn($v, $binaryChars) != $vLen) {
1556 // If the value contained binary chars then we base64-encode it an set an attribute to notify this situation:
1557 $content = $nl . chunk_split(base64_encode($v));
1558 $attr .= ' base64="1"';
1559 } else {
1560 // Otherwise, just htmlspecialchar the stuff:
1561 $content = htmlspecialchars($v);
1562 $dType = gettype($v);
1563 if ($dType === 'string') {
1564 if (isset($options['useCDATA']) && $options['useCDATA'] && $content != $v) {
1565 $content = '<![CDATA[' . $v . ']]>';
1566 }
1567 } elseif (!$options['disableTypeAttrib']) {
1568 $attr .= ' type="' . $dType . '"';
1569 }
1570 }
1571 }
1572 if ((string)$tagName !== '') {
1573 // Add the element to the output string:
1574 $output .= ($spaceInd >= 0 ? str_pad('', ($level + 1) * $indentN, $indentChar) : '')
1575 . '<' . $NSprefix . $tagName . $attr . '>' . $content . '</' . $NSprefix . $tagName . '>' . $nl;
1576 }
1577 }
1578 // If we are at the outer-most level, then we finally wrap it all in the document tags and return that as the value:
1579 if (!$level) {
1580 $output = '<' . $docTag . '>' . $nl . $output . '</' . $docTag . '>';
1581 }
1582 return $output;
1583 }
1584
1585 /**
1586 * Converts an XML string to a PHP array.
1587 * This is the reverse function of array2xml()
1588 * This is a wrapper for xml2arrayProcess that adds a two-level cache
1589 *
1590 * @param string $string XML content to convert into an array
1591 * @param string $NSprefix The tag-prefix resolve, eg. a namespace like "T3:"
1592 * @param bool $reportDocTag If set, the document tag will be set in the key "_DOCUMENT_TAG" of the output array
1593 * @return mixed If the parsing had errors, a string with the error message is returned. Otherwise an array with the content.
1594 * @see array2xml(),xml2arrayProcess()
1595 */
1596 public static function xml2array($string, $NSprefix = '', $reportDocTag = false)
1597 {
1598 $runtimeCache = static::makeInstance(CacheManager::class)->getCache('cache_runtime');
1599 $firstLevelCache = $runtimeCache->get('generalUtilityXml2Array') ?: [];
1600 $identifier = md5($string . $NSprefix . ($reportDocTag ? '1' : '0'));
1601 // Look up in first level cache
1602 if (empty($firstLevelCache[$identifier])) {
1603 $firstLevelCache[$identifier] = self::xml2arrayProcess(trim($string), $NSprefix, $reportDocTag);
1604 $runtimeCache->set('generalUtilityXml2Array', $firstLevelCache);
1605 }
1606 return $firstLevelCache[$identifier];
1607 }
1608
1609 /**
1610 * Converts an XML string to a PHP array.
1611 * This is the reverse function of array2xml()
1612 *
1613 * @param string $string XML content to convert into an array
1614 * @param string $NSprefix The tag-prefix resolve, eg. a namespace like "T3:"
1615 * @param bool $reportDocTag If set, the document tag will be set in the key "_DOCUMENT_TAG" of the output array
1616 * @return mixed If the parsing had errors, a string with the error message is returned. Otherwise an array with the content.
1617 * @see array2xml()
1618 */
1619 protected static function xml2arrayProcess($string, $NSprefix = '', $reportDocTag = false)
1620 {
1621 // Disables the functionality to allow external entities to be loaded when parsing the XML, must be kept
1622 $previousValueOfEntityLoader = libxml_disable_entity_loader(true);
1623 // Create parser:
1624 $parser = xml_parser_create();
1625 $vals = [];
1626 $index = [];
1627 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
1628 xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 0);
1629 // Default output charset is UTF-8, only ASCII, ISO-8859-1 and UTF-8 are supported!!!
1630 $match = [];
1631 preg_match('/^[[:space:]]*<\\?xml[^>]*encoding[[:space:]]*=[[:space:]]*"([^"]*)"/', substr($string, 0, 200), $match);
1632 $theCharset = $match[1] ?? 'utf-8';
1633 // us-ascii / utf-8 / iso-8859-1
1634 xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $theCharset);
1635 // Parse content:
1636 xml_parse_into_struct($parser, $string, $vals, $index);
1637 libxml_disable_entity_loader($previousValueOfEntityLoader);
1638 // If error, return error message:
1639 if (xml_get_error_code($parser)) {
1640 return 'Line ' . xml_get_current_line_number($parser) . ': ' . xml_error_string(xml_get_error_code($parser));
1641 }
1642 xml_parser_free($parser);
1643 // Init vars:
1644 $stack = [[]];
1645 $stacktop = 0;
1646 $current = [];
1647 $tagName = '';
1648 $documentTag = '';
1649 // Traverse the parsed XML structure:
1650 foreach ($vals as $key => $val) {
1651 // First, process the tag-name (which is used in both cases, whether "complete" or "close")
1652 $tagName = $val['tag'];
1653 if (!$documentTag) {
1654 $documentTag = $tagName;
1655 }
1656 // Test for name space:
1657 $tagName = $NSprefix && substr($tagName, 0, strlen($NSprefix)) == $NSprefix ? substr($tagName, strlen($NSprefix)) : $tagName;
1658 // Test for numeric tag, encoded on the form "nXXX":
1659 $testNtag = substr($tagName, 1);
1660 // Closing tag.
1661 $tagName = $tagName[0] === 'n' && MathUtility::canBeInterpretedAsInteger($testNtag) ? (int)$testNtag : $tagName;
1662 // Test for alternative index value:
1663 if ((string)($val['attributes']['index'] ?? '') !== '') {
1664 $tagName = $val['attributes']['index'];
1665 }
1666 // Setting tag-values, manage stack:
1667 switch ($val['type']) {
1668 case 'open':
1669 // If open tag it means there is an array stored in sub-elements. Therefore increase the stackpointer and reset the accumulation array:
1670 // Setting blank place holder
1671 $current[$tagName] = [];
1672 $stack[$stacktop++] = $current;
1673 $current = [];
1674 break;
1675 case 'close':
1676 // If the tag is "close" then it is an array which is closing and we decrease the stack pointer.
1677 $oldCurrent = $current;
1678 $current = $stack[--$stacktop];
1679 // Going to the end of array to get placeholder key, key($current), and fill in array next:
1680 end($current);
1681 $current[key($current)] = $oldCurrent;
1682 unset($oldCurrent);
1683 break;
1684 case 'complete':
1685 // If "complete", then it's a value. If the attribute "base64" is set, then decode the value, otherwise just set it.
1686 if (!empty($val['attributes']['base64'])) {
1687 $current[$tagName] = base64_decode($val['value']);
1688 } else {
1689 // Had to cast it as a string - otherwise it would be evaluate FALSE if tested with isset()!!
1690 $current[$tagName] = (string)($val['value'] ?? '');
1691 // Cast type:
1692 switch ((string)($val['attributes']['type'] ?? '')) {
1693 case 'integer':
1694 $current[$tagName] = (int)$current[$tagName];
1695 break;
1696 case 'double':
1697 $current[$tagName] = (double)$current[$tagName];
1698 break;
1699 case 'boolean':
1700 $current[$tagName] = (bool)$current[$tagName];
1701 break;
1702 case 'NULL':
1703 $current[$tagName] = null;
1704 break;
1705 case 'array':
1706 // MUST be an empty array since it is processed as a value; Empty arrays would end up here because they would have no tags inside...
1707 $current[$tagName] = [];
1708 break;
1709 }
1710 }
1711 break;
1712 }
1713 }
1714 if ($reportDocTag) {
1715 $current[$tagName]['_DOCUMENT_TAG'] = $documentTag;
1716 }
1717 // Finally return the content of the document tag.
1718 return $current[$tagName];
1719 }
1720
1721 /**
1722 * This implodes an array of XML parts (made with xml_parse_into_struct()) into XML again.
1723 *
1724 * @param array $vals An array of XML parts, see xml2tree
1725 * @return string Re-compiled XML data.
1726 */
1727 public static function xmlRecompileFromStructValArray(array $vals)
1728 {
1729 $XMLcontent = '';
1730 foreach ($vals as $val) {
1731 $type = $val['type'];
1732 // Open tag:
1733 if ($type === 'open' || $type === 'complete') {
1734 $XMLcontent .= '<' . $val['tag'];
1735 if (isset($val['attributes'])) {
1736 foreach ($val['attributes'] as $k => $v) {
1737 $XMLcontent .= ' ' . $k . '="' . htmlspecialchars($v) . '"';
1738 }
1739 }
1740 if ($type === 'complete') {
1741 if (isset($val['value'])) {
1742 $XMLcontent .= '>' . htmlspecialchars($val['value']) . '</' . $val['tag'] . '>';
1743 } else {
1744 $XMLcontent .= '/>';
1745 }
1746 } else {
1747 $XMLcontent .= '>';
1748 }
1749 if ($type === 'open' && isset($val['value'])) {
1750 $XMLcontent .= htmlspecialchars($val['value']);
1751 }
1752 }
1753 // Finish tag:
1754 if ($type === 'close') {
1755 $XMLcontent .= '</' . $val['tag'] . '>';
1756 }
1757 // Cdata
1758 if ($type === 'cdata') {
1759 $XMLcontent .= htmlspecialchars($val['value']);
1760 }
1761 }
1762 return $XMLcontent;
1763 }
1764
1765 /**
1766 * Minifies JavaScript
1767 *
1768 * @param string $script Script to minify
1769 * @param string $error Error message (if any)
1770 * @return string Minified script or source string if error happened
1771 */
1772 public static function minifyJavaScript($script, &$error = '')
1773 {
1774 $fakeThis = false;
1775 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_div.php']['minifyJavaScript'] ?? [] as $hookMethod) {
1776 try {
1777 $parameters = ['script' => $script];
1778 $script = static::callUserFunction($hookMethod, $parameters, $fakeThis);
1779 } catch (\Exception $e) {
1780 $errorMessage = 'Error minifying java script: ' . $e->getMessage();
1781 $error .= $errorMessage;
1782 static::getLogger()->warning($errorMessage, [
1783 'JavaScript' => $script,
1784 'hook' => $hookMethod,
1785 'exception' => $e,
1786 ]);
1787 }
1788 }
1789 return $script;
1790 }
1791
1792 /*************************
1793 *
1794 * FILES FUNCTIONS
1795 *
1796 *************************/
1797 /**
1798 * Reads the file or url $url and returns the content
1799 * If you are having trouble with proxies when reading URLs you can configure your way out of that with settings within $GLOBALS['TYPO3_CONF_VARS']['HTTP'].
1800 *
1801 * @param string $url File/URL to read
1802 * @param int $includeHeader Whether the HTTP header should be fetched or not. 0=disable, 1=fetch header+content, 2=fetch header only
1803 * @param array $requestHeaders HTTP headers to be used in the request
1804 * @param array $report Error code/message and, if $includeHeader is 1, response meta data (HTTP status and content type)
1805 * @return mixed The content from the resource given as input. FALSE if an error has occurred.
1806 */
1807 public static function getUrl($url, $includeHeader = 0, $requestHeaders = null, &$report = null)
1808 {
1809 if (isset($report)) {
1810 $report['error'] = 0;
1811 $report['message'] = '';
1812 }
1813 // Looks like it's an external file, use Guzzle by default
1814 if (preg_match('/^(?:http|ftp)s?|s(?:ftp|cp):/', $url)) {
1815 /** @var RequestFactory $requestFactory */
1816 $requestFactory = static::makeInstance(RequestFactory::class);
1817 if (is_array($requestHeaders)) {
1818 // Check is $requestHeaders is an associative array or not
1819 if (count(array_filter(array_keys($requestHeaders), 'is_string')) === 0) {
1820 trigger_error('Request headers as colon-separated string are deprecated, use an associative array instead.', E_USER_DEPRECATED);
1821 // Convert cURL style lines of headers to Guzzle key/value(s) pairs.
1822 $requestHeaders = static::splitHeaderLines($requestHeaders);
1823 }
1824 $configuration = ['headers' => $requestHeaders];
1825 } else {
1826 $configuration = [];
1827 }
1828 $includeHeader = (int)$includeHeader;
1829 $method = $includeHeader === 2 ? 'HEAD' : 'GET';
1830 try {
1831 if (isset($report)) {
1832 $report['lib'] = 'GuzzleHttp';
1833 }
1834 $response = $requestFactory->request($url, $method, $configuration);
1835 } catch (RequestException $exception) {
1836 if (isset($report)) {
1837 $report['error'] = $exception->getCode() ?: 1518707554;
1838 $report['message'] = $exception->getMessage();
1839 $report['exception'] = $exception;
1840 }
1841 return false;
1842 }
1843 $content = '';
1844 // Add the headers to the output
1845 if ($includeHeader) {
1846 $parsedURL = parse_url($url);
1847 $content = $method . ' ' . ($parsedURL['path'] ?? '/')
1848 . (!empty($parsedURL['query']) ? '?' . $parsedURL['query'] : '') . ' HTTP/1.0' . CRLF
1849 . 'Host: ' . $parsedURL['host'] . CRLF
1850 . 'Connection: close' . CRLF;
1851 if (is_array($requestHeaders)) {
1852 $content .= implode(CRLF, $requestHeaders) . CRLF;
1853 }
1854 foreach ($response->getHeaders() as $headerName => $headerValues) {
1855 $content .= $headerName . ': ' . implode(', ', $headerValues) . CRLF;
1856 }
1857 // Headers are separated from the body with two CRLFs
1858 $content .= CRLF;
1859 }
1860
1861 $content .= $response->getBody()->getContents();
1862
1863 if (isset($report)) {
1864 if ($response->getStatusCode() >= 300 && $response->getStatusCode() < 400) {
1865 $report['http_code'] = $response->getStatusCode();
1866 $report['content_type'] = $response->getHeaderLine('Content-Type');
1867 $report['error'] = $response->getStatusCode();
1868 $report['message'] = $response->getReasonPhrase();
1869 } elseif (empty($content)) {
1870 $report['error'] = $response->getStatusCode();
1871 $report['message'] = $response->getReasonPhrase();
1872 } elseif ($includeHeader) {
1873 // Set only for $includeHeader to work exactly like PHP variant
1874 $report['http_code'] = $response->getStatusCode();
1875 $report['content_type'] = $response->getHeaderLine('Content-Type');
1876 }
1877 }
1878 } else {
1879 if (isset($report)) {
1880 $report['lib'] = 'file';
1881 }
1882 $content = @file_get_contents($url);
1883 if ($content === false && isset($report)) {
1884 $report['error'] = -1;
1885 $report['message'] = 'Couldn\'t get URL: ' . $url;
1886 }
1887 }
1888 return $content;
1889 }
1890
1891 /**
1892 * Split an array of MIME header strings into an associative array.
1893 * Multiple headers with the same name have their values merged as an array.
1894 *
1895 * @static
1896 * @param array $headers List of headers, eg. ['Foo: Bar', 'Foo: Baz']
1897 * @return array Key/Value(s) pairs of headers, eg. ['Foo' => ['Bar', 'Baz']]
1898 */
1899 protected static function splitHeaderLines(array $headers): array
1900 {
1901 $newHeaders = [];
1902 foreach ($headers as $header) {
1903 $parts = preg_split('/:[ \t]*/', $header, 2, PREG_SPLIT_NO_EMPTY);
1904 if (count($parts) !== 2) {
1905 continue;
1906 }
1907 $key = &$parts[0];
1908 $value = &$parts[1];
1909 if (array_key_exists($key, $newHeaders)) {
1910 if (is_array($newHeaders[$key])) {
1911 $newHeaders[$key][] = $value;
1912 } else {
1913 $prevValue = &$newHeaders[$key];
1914 $newHeaders[$key] = [$prevValue, $value];
1915 }
1916 } else {
1917 $newHeaders[$key] = $value;
1918 }
1919 }
1920 return $newHeaders;
1921 }
1922
1923 /**
1924 * Writes $content to the file $file
1925 *
1926 * @param string $file Filepath to write to
1927 * @param string $content Content to write
1928 * @param bool $changePermissions If TRUE, permissions are forced to be set
1929 * @return bool TRUE if the file was successfully opened and written to.
1930 */
1931 public static function writeFile($file, $content, $changePermissions = false)
1932 {
1933 if (!@is_file($file)) {
1934 $changePermissions = true;
1935 }
1936 if ($fd = fopen($file, 'wb')) {
1937 $res = fwrite($fd, $content);
1938 fclose($fd);
1939 if ($res === false) {
1940 return false;
1941 }
1942 // Change the permissions only if the file has just been created
1943 if ($changePermissions) {
1944 static::fixPermissions($file);
1945 }
1946 return true;
1947 }
1948 return false;
1949 }
1950
1951 /**
1952 * Sets the file system mode and group ownership of a file or a folder.
1953 *
1954 * @param string $path Path of file or folder, must not be escaped. Path can be absolute or relative
1955 * @param bool $recursive If set, also fixes permissions of files and folders in the folder (if $path is a folder)
1956 * @return mixed TRUE on success, FALSE on error, always TRUE on Windows OS
1957 */
1958 public static function fixPermissions($path, $recursive = false)
1959 {
1960 if (Environment::isWindows()) {
1961 return true;
1962 }
1963 $result = false;
1964 // Make path absolute
1965 if (!static::isAbsPath($path)) {
1966 $path = static::getFileAbsFileName($path);
1967 }
1968 if (static::isAllowedAbsPath($path)) {
1969 if (@is_file($path)) {
1970 $targetPermissions = $GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'] ?? '0644';
1971 } elseif (@is_dir($path)) {
1972 $targetPermissions = $GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'] ?? '0755';
1973 }
1974 if (!empty($targetPermissions)) {
1975 // make sure it's always 4 digits
1976 $targetPermissions = str_pad($targetPermissions, 4, 0, STR_PAD_LEFT);
1977 $targetPermissions = octdec($targetPermissions);
1978 // "@" is there because file is not necessarily OWNED by the user
1979 $result = @chmod($path, $targetPermissions);
1980 }
1981 // Set createGroup if not empty
1982 if (
1983 isset($GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'])
1984 && $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup'] !== ''
1985 ) {
1986 // "@" is there because file is not necessarily OWNED by the user
1987 $changeGroupResult = @chgrp($path, $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup']);
1988 $result = $changeGroupResult ? $result : false;
1989 }
1990 // Call recursive if recursive flag if set and $path is directory
1991 if ($recursive && @is_dir($path)) {
1992 $handle = opendir($path);
1993 if (is_resource($handle)) {
1994 while (($file = readdir($handle)) !== false) {
1995 $recursionResult = null;
1996 if ($file !== '.' && $file !== '..') {
1997 if (@is_file($path . '/' . $file)) {
1998 $recursionResult = static::fixPermissions($path . '/' . $file);
1999 } elseif (@is_dir($path . '/' . $file)) {
2000 $recursionResult = static::fixPermissions($path . '/' . $file, true);
2001 }
2002 if (isset($recursionResult) && !$recursionResult) {
2003 $result = false;
2004 }
2005 }
2006 }
2007 closedir($handle);
2008 }
2009 }
2010 }
2011 return $result;
2012 }
2013
2014 /**
2015 * Writes $content to a filename in the typo3temp/ folder (and possibly one or two subfolders...)
2016 * Accepts an additional subdirectory in the file path!
2017 *
2018 * @param string $filepath Absolute file path to write within the typo3temp/ or Environment::getVarPath() folder - the file path must be prefixed with this path
2019 * @param string $content Content string to write
2020 * @return string Returns NULL on success, otherwise an error string telling about the problem.
2021 */
2022 public static function writeFileToTypo3tempDir($filepath, $content)
2023 {
2024 // Parse filepath into directory and basename:
2025 $fI = pathinfo($filepath);
2026 $fI['dirname'] .= '/';
2027 // Check parts:
2028 if (!static::validPathStr($filepath) || !$fI['basename'] || strlen($fI['basename']) >= 60) {
2029 return 'Input filepath "' . $filepath . '" was generally invalid!';
2030 }
2031
2032 // Setting main temporary directory name (standard)
2033 $allowedPathPrefixes = [
2034 Environment::getPublicPath() . '/typo3temp' => 'Environment::getPublicPath() + "/typo3temp/"'
2035 ];
2036 // Also allow project-path + /var/
2037 if (Environment::getVarPath() !== Environment::getPublicPath() . '/typo3temp/var') {
2038 $relPath = substr(Environment::getVarPath(), strlen(Environment::getProjectPath()) + 1);
2039 $allowedPathPrefixes[Environment::getVarPath()] = 'ProjectPath + ' . $relPath;
2040 }
2041
2042 $errorMessage = null;
2043 foreach ($allowedPathPrefixes as $pathPrefix => $prefixLabel) {
2044 $dirName = $pathPrefix . '/';
2045 // Invalid file path, let's check for the other path, if it exists
2046 if (!static::isFirstPartOfStr($fI['dirname'], $dirName)) {
2047 if ($errorMessage === null) {
2048 $errorMessage = '"' . $fI['dirname'] . '" was not within directory ' . $prefixLabel;
2049 }
2050 continue;
2051 }
2052 // This resets previous error messages from the first path
2053 $errorMessage = null;
2054
2055 if (!@is_dir($dirName)) {
2056 $errorMessage = $prefixLabel . ' was not a directory!';
2057 // continue and see if the next iteration resets the errorMessage above
2058 continue;
2059 }
2060 // Checking if the "subdir" is found
2061 $subdir = substr($fI['dirname'], strlen($dirName));
2062 if ($subdir) {
2063 if (preg_match('#^(?:[[:alnum:]_]+/)+$#', $subdir)) {
2064 $dirName .= $subdir;
2065 if (!@is_dir($dirName)) {
2066 static::mkdir_deep($pathPrefix . '/' . $subdir);
2067 }
2068 } else {
2069 $errorMessage = 'Subdir, "' . $subdir . '", was NOT on the form "[[:alnum:]_]/+"';
2070 break;
2071 }
2072 }
2073 // Checking dir-name again (sub-dir might have been created)
2074 if (@is_dir($dirName)) {
2075 if ($filepath === $dirName . $fI['basename']) {
2076 static::writeFile($filepath, $content);
2077 if (!@is_file($filepath)) {
2078 $errorMessage = 'The file was not written to the disk. Please, check that you have write permissions to the ' . $prefixLabel . ' directory.';
2079 break;
2080 }
2081 } else {
2082 $errorMessage = 'Calculated file location didn\'t match input "' . $filepath . '".';
2083 break;
2084 }
2085 } else {
2086 $errorMessage = '"' . $dirName . '" is not a directory!';
2087 break;
2088 }
2089 }
2090 return $errorMessage;
2091 }
2092
2093 /**
2094 * Wrapper function for mkdir.
2095 * Sets folder permissions according to $GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']
2096 * and group ownership according to $GLOBALS['TYPO3_CONF_VARS']['SYS']['createGroup']
2097 *
2098 * @param string $newFolder Absolute path to folder, see PHP mkdir() function. Removes trailing slash internally.
2099 * @return bool TRUE if @mkdir went well!
2100 */
2101 public static function mkdir($newFolder)
2102 {
2103 $result = @mkdir($newFolder, octdec($GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']));
2104 if ($result) {
2105 static::fixPermissions($newFolder);
2106 }
2107 return $result;
2108 }
2109
2110 /**
2111 * Creates a directory - including parent directories if necessary and
2112 * sets permissions on newly created directories.
2113 *
2114 * @param string $directory Target directory to create. Must a have trailing slash
2115 * @param string $deepDirectory Directory to create. This second parameter is deprecated since TYPO3 v9, and will be removed in TYPO3 v10.
2116 * @throws \InvalidArgumentException If $directory or $deepDirectory are not strings
2117 * @throws \RuntimeException If directory could not be created
2118 */
2119 public static function mkdir_deep($directory, $deepDirectory = '')
2120 {
2121 if (!is_string($directory)) {
2122 throw new \InvalidArgumentException('The specified directory is of type "' . gettype($directory) . '" but a string is expected.', 1303662955);
2123 }
2124 if (!is_string($deepDirectory)) {
2125 throw new \InvalidArgumentException('The specified directory is of type "' . gettype($deepDirectory) . '" but a string is expected.', 1303662956);
2126 }
2127 // Ensure there is only one slash
2128 $fullPath = rtrim($directory, '/') . '/';
2129 if ($deepDirectory !== '') {
2130 trigger_error('Second argument $deepDirectory of GeneralUtility::mkdir_deep() will be removed in TYPO3 v10.0, use a combined string as first argument instead.', E_USER_DEPRECATED);
2131 $fullPath .= ltrim($deepDirectory, '/');
2132 }
2133 if ($fullPath !== '/' && !is_dir($fullPath)) {
2134 $firstCreatedPath = static::createDirectoryPath($fullPath);
2135 if ($firstCreatedPath !== '') {
2136 static::fixPermissions($firstCreatedPath, true);
2137 }
2138 }
2139 }
2140
2141 /**
2142 * Creates directories for the specified paths if they do not exist. This
2143 * functions sets proper permission mask but does not set proper user and
2144 * group.
2145 *
2146 * @static
2147 * @param string $fullDirectoryPath
2148 * @return string Path to the the first created directory in the hierarchy
2149 * @see \TYPO3\CMS\Core\Utility\GeneralUtility::mkdir_deep
2150 * @throws \RuntimeException If directory could not be created
2151 */
2152 protected static function createDirectoryPath($fullDirectoryPath)
2153 {
2154 $currentPath = $fullDirectoryPath;
2155 $firstCreatedPath = '';
2156 $permissionMask = octdec($GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask']);
2157 if (!@is_dir($currentPath)) {
2158 do {
2159 $firstCreatedPath = $currentPath;
2160 $separatorPosition = strrpos($currentPath, DIRECTORY_SEPARATOR);
2161 $currentPath = substr($currentPath, 0, $separatorPosition);
2162 } while (!is_dir($currentPath) && $separatorPosition !== false);
2163 $result = @mkdir($fullDirectoryPath, $permissionMask, true);
2164 // Check existence of directory again to avoid race condition. Directory could have get created by another process between previous is_dir() and mkdir()
2165 if (!$result && !@is_dir($fullDirectoryPath)) {
2166 throw new \RuntimeException('Could not create directory "' . $fullDirectoryPath . '"!', 1170251401);
2167 }
2168 }
2169 return $firstCreatedPath;
2170 }
2171
2172 /**
2173 * Wrapper function for rmdir, allowing recursive deletion of folders and files
2174 *
2175 * @param string $path Absolute path to folder, see PHP rmdir() function. Removes trailing slash internally.
2176 * @param bool $removeNonEmpty Allow deletion of non-empty directories
2177 * @return bool TRUE if @rmdir went well!
2178 */
2179 public static function rmdir($path, $removeNonEmpty = false)
2180 {
2181 $OK = false;
2182 // Remove trailing slash
2183 $path = preg_replace('|/$|', '', $path);
2184 if (file_exists($path)) {
2185 $OK = true;
2186 if (!is_link($path) && is_dir($path)) {
2187 if ($removeNonEmpty == true && ($handle = @opendir($path))) {
2188 while ($OK && false !== ($file = readdir($handle))) {
2189 if ($file === '.' || $file === '..') {
2190 continue;
2191 }
2192 $OK = static::rmdir($path . '/' . $file, $removeNonEmpty);
2193 }
2194 closedir($handle);
2195 }
2196 if ($OK) {
2197 $OK = @rmdir($path);
2198 }
2199 } elseif (is_link($path) && is_dir($path) && Environment::isWindows()) {
2200 $OK = @rmdir($path);
2201 } else {
2202 // If $path is a file, simply remove it
2203 $OK = @unlink($path);
2204 }
2205 clearstatcache();
2206 } elseif (is_link($path)) {
2207 $OK = @unlink($path);
2208 if (!$OK && Environment::isWindows()) {
2209 // Try to delete dead folder links on Windows systems
2210 $OK = @rmdir($path);
2211 }
2212 clearstatcache();
2213 }
2214 return $OK;
2215 }
2216
2217 /**
2218 * Flushes a directory by first moving to a temporary resource, and then
2219 * triggering the remove process. This way directories can be flushed faster
2220 * to prevent race conditions on concurrent processes accessing the same directory.
2221 *
2222 * @param string $directory The directory to be renamed and flushed
2223 * @param bool $keepOriginalDirectory Whether to only empty the directory and not remove it
2224 * @param bool $flushOpcodeCache Also flush the opcode cache right after renaming the directory.
2225 * @return bool Whether the action was successful
2226 */
2227 public static function flushDirectory($directory, $keepOriginalDirectory = false, $flushOpcodeCache = false)
2228 {
2229 $result = false;
2230
2231 if (is_dir($directory)) {
2232 $temporaryDirectory = rtrim($directory, '/') . '.' . StringUtility::getUniqueId('remove') . '/';
2233 if (rename($directory, $temporaryDirectory)) {
2234 if ($flushOpcodeCache) {
2235 self::makeInstance(OpcodeCacheService::class)->clearAllActive($directory);
2236 }
2237 if ($keepOriginalDirectory) {
2238 static::mkdir($directory);
2239 }
2240 clearstatcache();
2241 $result = static::rmdir($temporaryDirectory, true);
2242 }
2243 }
2244
2245 return $result;
2246 }
2247
2248 /**
2249 * Returns an array with the names of folders in a specific path
2250 * Will return 'error' (string) if there were an error with reading directory content.
2251 *
2252 * @param string $path Path to list directories from
2253 * @return array Returns an array with the directory entries as values. If no path, the return value is nothing.
2254 */
2255 public static function get_dirs($path)
2256 {
2257 $dirs = null;
2258 if ($path) {
2259 if (is_dir($path)) {
2260 $dir = scandir($path);
2261 $dirs = [];
2262 foreach ($dir as $entry) {
2263 if (is_dir($path . '/' . $entry) && $entry !== '..' && $entry !== '.') {
2264 $dirs[] = $entry;
2265 }
2266 }
2267 } else {
2268 $dirs = 'error';
2269 }
2270 }
2271 return $dirs;
2272 }
2273
2274 /**
2275 * Finds all files in a given path and returns them as an array. Each
2276 * array key is a md5 hash of the full path to the file. This is done because
2277 * 'some' extensions like the import/export extension depend on this.
2278 *
2279 * @param string $path The path to retrieve the files from.
2280 * @param string $extensionList A comma-separated list of file extensions. Only files of the specified types will be retrieved. When left blank, files of any type will be retrieved.
2281 * @param bool $prependPath If TRUE, the full path to the file is returned. If FALSE only the file name is returned.
2282 * @param string $order The sorting order. The default sorting order is alphabetical. Setting $order to 'mtime' will sort the files by modification time.
2283 * @param string $excludePattern A regular expression pattern of file names to exclude. For example: 'clear.gif' or '(clear.gif|.htaccess)'. The pattern will be wrapped with: '/^' and '$/'.
2284 * @return array|string Array of the files found, or an error message in case the path could not be opened.
2285 */
2286 public static function getFilesInDir($path, $extensionList = '', $prependPath = false, $order = '', $excludePattern = '')
2287 {
2288 $excludePattern = (string)$excludePattern;
2289 $path = rtrim($path, '/');
2290 if (!@is_dir($path)) {
2291 return [];
2292 }
2293
2294 $rawFileList = scandir($path);
2295 if ($rawFileList === false) {
2296 return 'error opening path: "' . $path . '"';
2297 }
2298
2299 $pathPrefix = $path . '/';
2300 $allowedFileExtensionArray = self::trimExplode(',', $extensionList);
2301 $extensionList = ',' . str_replace(' ', '', $extensionList) . ',';
2302 $files = [];
2303 foreach ($rawFileList as $entry) {
2304 $completePathToEntry = $pathPrefix . $entry;
2305 if (!@is_file($completePathToEntry)) {
2306 continue;
2307 }
2308
2309 foreach ($allowedFileExtensionArray as $allowedFileExtension) {
2310 if (
2311 ($extensionList === ',,' || stripos($extensionList, ',' . substr($entry, strlen($allowedFileExtension) * -1, strlen($allowedFileExtension)) . ',') !== false)
2312 && ($excludePattern === '' || !preg_match('/^' . $excludePattern . '$/', $entry))
2313 ) {
2314 if ($order !== 'mtime') {
2315 $files[] = $entry;
2316 } else {
2317 // Store the value in the key so we can do a fast asort later.
2318 $files[$entry] = filemtime($completePathToEntry);
2319 }
2320 }
2321 }
2322 }
2323
2324 $valueName = 'value';
2325 if ($order === 'mtime') {
2326 asort($files);
2327 $valueName = 'key';
2328 }
2329
2330 $valuePathPrefix = $prependPath ? $pathPrefix : '';
2331 $foundFiles = [];
2332 foreach ($files as $key => $value) {
2333 // Don't change this ever - extensions may depend on the fact that the hash is an md5 of the path! (import/export extension)
2334 $foundFiles[md5($pathPrefix . ${$valueName})] = $valuePathPrefix . ${$valueName};
2335 }
2336
2337 return $foundFiles;
2338 }
2339
2340 /**
2341 * Recursively gather all files and folders of a path.
2342 *
2343 * @param array $fileArr Empty input array (will have files added to it)
2344 * @param string $path The path to read recursively from (absolute) (include trailing slash!)
2345 * @param string $extList Comma list of file extensions: Only files with extensions in this list (if applicable) will be selected.
2346 * @param bool $regDirs If set, directories are also included in output.
2347 * @param int $recursivityLevels The number of levels to dig down...
2348 * @param string $excludePattern regex pattern of files/directories to exclude
2349 * @return array An array with the found files/directories.
2350 */
2351 public static function getAllFilesAndFoldersInPath(array $fileArr, $path, $extList = '', $regDirs = false, $recursivityLevels = 99, $excludePattern = '')
2352 {
2353 if ($regDirs) {
2354 $fileArr[md5($path)] = $path;
2355 }
2356 $fileArr = array_merge($fileArr, self::getFilesInDir($path, $extList, 1, 1, $excludePattern));
2357 $dirs = self::get_dirs($path);
2358 if ($recursivityLevels > 0 && is_array($dirs)) {
2359 foreach ($dirs as $subdirs) {
2360 if ((string)$subdirs !== '' && ($excludePattern === '' || !preg_match('/^' . $excludePattern . '$/', $subdirs))) {
2361 $fileArr = self::getAllFilesAndFoldersInPath($fileArr, $path . $subdirs . '/', $extList, $regDirs, $recursivityLevels - 1, $excludePattern);
2362 }
2363 }
2364 }
2365 return $fileArr;
2366 }
2367
2368 /**
2369 * Removes the absolute part of all files/folders in fileArr
2370 *
2371 * @param array $fileArr The file array to remove the prefix from
2372 * @param string $prefixToRemove The prefix path to remove (if found as first part of string!)
2373 * @return array|string The input $fileArr processed, or a string with an error message, when an error occurred.
2374 */
2375 public static function removePrefixPathFromList(array $fileArr, $prefixToRemove)
2376 {
2377 foreach ($fileArr as $k => &$absFileRef) {
2378 if (self::isFirstPartOfStr($absFileRef, $prefixToRemove)) {
2379 $absFileRef = substr($absFileRef, strlen($prefixToRemove));
2380 } else {
2381 return 'ERROR: One or more of the files was NOT prefixed with the prefix-path!';
2382 }
2383 }
2384 unset($absFileRef);
2385 return $fileArr;
2386 }
2387
2388 /**
2389 * Fixes a path for windows-backslashes and reduces double-slashes to single slashes
2390 *
2391 * @param string $theFile File path to process
2392 * @return string
2393 */
2394 public static function fixWindowsFilePath($theFile)
2395 {
2396 return str_replace(['\\', '//'], '/', $theFile);
2397 }
2398
2399 /**
2400 * Resolves "../" sections in the input path string.
2401 * For example "fileadmin/directory/../other_directory/" will be resolved to "fileadmin/other_directory/"
2402 *
2403 * @param string $pathStr File path in which "/../" is resolved
2404 * @return string
2405 */
2406 public static function resolveBackPath($pathStr)
2407 {
2408 if (strpos($pathStr, '..') === false) {
2409 return $pathStr;
2410 }
2411 $parts = explode('/', $pathStr);
2412 $output = [];
2413 $c = 0;
2414 foreach ($parts as $part) {
2415 if ($part === '..') {
2416 if ($c) {
2417 array_pop($output);
2418 --$c;
2419 } else {
2420 $output[] = $part;
2421 }
2422 } else {
2423 ++$c;
2424 $output[] = $part;
2425 }
2426 }
2427 return implode('/', $output);
2428 }
2429
2430 /**
2431 * Prefixes a URL used with 'header-location' with 'http://...' depending on whether it has it already.
2432 * - If already having a scheme, nothing is prepended
2433 * - If having REQUEST_URI slash '/', then prefixing 'http://[host]' (relative to host)
2434 * - Otherwise prefixed with TYPO3_REQUEST_DIR (relative to current dir / TYPO3_REQUEST_DIR)
2435 *
2436 * @param string $path URL / path to prepend full URL addressing to.
2437 * @return string
2438 */
2439 public static function locationHeaderUrl($path)
2440 {
2441 $uI = parse_url($path);
2442 // relative to HOST
2443 if ($path[0] === '/') {
2444 $path = self::getIndpEnv('TYPO3_REQUEST_HOST') . $path;
2445 } elseif (!$uI['scheme']) {
2446 // No scheme either
2447 $path = self::getIndpEnv('TYPO3_REQUEST_DIR') . $path;
2448 }
2449 return $path;
2450 }
2451
2452 /**
2453 * Returns the maximum upload size for a file that is allowed. Measured in KB.
2454 * This might be handy to find out the real upload limit that is possible for this
2455 * TYPO3 installation.
2456 *
2457 * @return int The maximum size of uploads that are allowed (measured in kilobytes)
2458 */
2459 public static function getMaxUploadFileSize()
2460 {
2461 // Check for PHP restrictions of the maximum size of one of the $_FILES
2462 $phpUploadLimit = self::getBytesFromSizeMeasurement(ini_get('upload_max_filesize'));
2463 // Check for PHP restrictions of the maximum $_POST size
2464 $phpPostLimit = self::getBytesFromSizeMeasurement(ini_get('post_max_size'));
2465 // If the total amount of post data is smaller (!) than the upload_max_filesize directive,
2466 // then this is the real limit in PHP
2467 $phpUploadLimit = $phpPostLimit > 0 && $phpPostLimit < $phpUploadLimit ? $phpPostLimit : $phpUploadLimit;
2468 return floor($phpUploadLimit) / 1024;
2469 }
2470
2471 /**
2472 * Gets the bytes value from a measurement string like "100k".
2473 *
2474 * @param string $measurement The measurement (e.g. "100k")
2475 * @return int The bytes value (e.g. 102400)
2476 */
2477 public static function getBytesFromSizeMeasurement($measurement)
2478 {
2479 $bytes = (float)$measurement;
2480 if (stripos($measurement, 'G')) {
2481 $bytes *= 1024 * 1024 * 1024;
2482 } elseif (stripos($measurement, 'M')) {
2483 $bytes *= 1024 * 1024;
2484 } elseif (stripos($measurement, 'K')) {
2485 $bytes *= 1024;
2486 }
2487 return $bytes;
2488 }
2489
2490 /**
2491 * Function for static version numbers on files, based on the filemtime
2492 *
2493 * This will make the filename automatically change when a file is
2494 * changed, and by that re-cached by the browser. If the file does not
2495 * exist physically the original file passed to the function is
2496 * returned without the timestamp.
2497 *
2498 * Behaviour is influenced by the setting
2499 * TYPO3_CONF_VARS[TYPO3_MODE][versionNumberInFilename]
2500 * = TRUE (BE) / "embed" (FE) : modify filename
2501 * = FALSE (BE) / "querystring" (FE) : add timestamp as parameter
2502 *
2503 * @param string $file Relative path to file including all potential query parameters (not htmlspecialchared yet)
2504 * @return string Relative path with version filename including the timestamp
2505 */
2506 public static function createVersionNumberedFilename($file)
2507 {
2508 $lookupFile = explode('?', $file);
2509 $path = self::resolveBackPath(self::dirname(Environment::getCurrentScript()) . '/' . $lookupFile[0]);
2510
2511 $doNothing = false;
2512 if (TYPO3_MODE === 'FE') {
2513 $mode = strtolower($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['versionNumberInFilename']);
2514 if ($mode === 'embed') {
2515 $mode = true;
2516 } else {
2517 if ($mode === 'querystring') {
2518 $mode = false;
2519 } else {
2520 $doNothing = true;
2521 }
2522 }
2523 } else {
2524 $mode = $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['versionNumberInFilename'];
2525 }
2526 if ($doNothing || !file_exists($path)) {
2527 // File not found, return filename unaltered
2528 $fullName = $file;
2529 } else {
2530 if (!$mode) {
2531 // If use of .htaccess rule is not configured,
2532 // we use the default query-string method
2533 if (!empty($lookupFile[1])) {
2534 $separator = '&';
2535 } else {
2536 $separator = '?';
2537 }
2538 $fullName = $file . $separator . filemtime($path);
2539 } else {
2540 // Change the filename
2541 $name = explode('.', $lookupFile[0]);
2542 $extension = array_pop($name);
2543 array_push($name, filemtime($path), $extension);
2544 $fullName = implode('.', $name);
2545 // Append potential query string
2546 $fullName .= $lookupFile[1] ? '?' . $lookupFile[1] : '';
2547 }
2548 }
2549 return $fullName;
2550 }
2551
2552 /*************************
2553 *
2554 * SYSTEM INFORMATION
2555 *
2556 *************************/
2557
2558 /**
2559 * Returns the link-url to the current script.
2560 * In $getParams you can set associative keys corresponding to the GET-vars you wish to add to the URL. If you set them empty, they will remove existing GET-vars from the current URL.
2561 * REMEMBER to always use htmlspecialchars() for content in href-properties to get ampersands converted to entities (XHTML requirement and XSS precaution)
2562 *
2563 * @param array $getParams Array of GET parameters to include
2564 * @return string
2565 */
2566 public static function linkThisScript(array $getParams = [])
2567 {
2568 $parts = self::getIndpEnv('SCRIPT_NAME');
2569 $params = self::_GET();
2570 foreach ($getParams as $key => $value) {
2571 if ($value !== '') {
2572 $params[$key] = $value;
2573 } else {
2574 unset($params[$key]);
2575 }
2576 }
2577 $pString = self::implodeArrayForUrl('', $params);
2578 return $pString ? $parts . '?' . ltrim($pString, '&') : $parts;
2579 }
2580
2581 /**
2582 * Takes a full URL, $url, possibly with a querystring and overlays the $getParams arrays values onto the quirystring, packs it all together and returns the URL again.
2583 * So basically it adds the parameters in $getParams to an existing URL, $url
2584 *
2585 * @param string $url URL string
2586 * @param array $getParams Array of key/value pairs for get parameters to add/overrule with. Can be multidimensional.
2587 * @return string Output URL with added getParams.
2588 */
2589 public static function linkThisUrl($url, array $getParams = [])
2590 {
2591 $parts = parse_url($url);
2592 $getP = [];
2593 if ($parts['query']) {
2594 parse_str($parts['query'], $getP);
2595 }
2596 ArrayUtility::mergeRecursiveWithOverrule($getP, $getParams);
2597 $uP = explode('?', $url);
2598 $params = self::implodeArrayForUrl('', $getP);
2599 $outurl = $uP[0] . ($params ? '?' . substr($params, 1) : '');
2600 return $outurl;
2601 }
2602
2603 /**
2604 * Abstraction method which returns System Environment Variables regardless of server OS, CGI/MODULE version etc. Basically this is SERVER variables for most of them.
2605 * This should be used instead of getEnv() and $_SERVER/ENV_VARS to get reliable values for all situations.
2606 *
2607 * @param string $getEnvName Name of the "environment variable"/"server variable" you wish to use. Valid values are SCRIPT_NAME, SCRIPT_FILENAME, REQUEST_URI, PATH_INFO, REMOTE_ADDR, REMOTE_HOST, HTTP_REFERER, HTTP_HOST, HTTP_USER_AGENT, HTTP_ACCEPT_LANGUAGE, QUERY_STRING, TYPO3_DOCUMENT_ROOT, TYPO3_HOST_ONLY, TYPO3_HOST_ONLY, TYPO3_REQUEST_HOST, TYPO3_REQUEST_URL, TYPO3_REQUEST_SCRIPT, TYPO3_REQUEST_DIR, TYPO3_SITE_URL, _ARRAY
2608 * @return string Value based on the input key, independent of server/os environment.
2609 * @throws \UnexpectedValueException
2610 */
2611 public static function getIndpEnv($getEnvName)
2612 {
2613 if (isset(self::$indpEnvCache[$getEnvName])) {
2614 return self::$indpEnvCache[$getEnvName];
2615 }
2616
2617 /*
2618 Conventions:
2619 output from parse_url():
2620 URL: http://username:password@192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value#link1
2621 [scheme] => 'http'
2622 [user] => 'username'
2623 [pass] => 'password'
2624 [host] => '192.168.1.4'
2625 [port] => '8080'
2626 [path] => '/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/'
2627 [query] => 'arg1,arg2,arg3&p1=parameter1&p2[key]=value'
2628 [fragment] => 'link1'Further definition: [path_script] = '/typo3/32/temp/phpcheck/index.php'
2629 [path_dir] = '/typo3/32/temp/phpcheck/'
2630 [path_info] = '/arg1/arg2/arg3/'
2631 [path] = [path_script/path_dir][path_info]Keys supported:URI______:
2632 REQUEST_URI = [path]?[query] = /typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value
2633 HTTP_HOST = [host][:[port]] = 192.168.1.4:8080
2634 SCRIPT_NAME = [path_script]++ = /typo3/32/temp/phpcheck/index.php // NOTICE THAT SCRIPT_NAME will return the php-script name ALSO. [path_script] may not do that (eg. '/somedir/' may result in SCRIPT_NAME '/somedir/index.php')!
2635 PATH_INFO = [path_info] = /arg1/arg2/arg3/
2636 QUERY_STRING = [query] = arg1,arg2,arg3&p1=parameter1&p2[key]=value
2637 HTTP_REFERER = [scheme]://[host][:[port]][path] = http://192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value
2638 (Notice: NO username/password + NO fragment)CLIENT____:
2639 REMOTE_ADDR = (client IP)
2640 REMOTE_HOST = (client host)
2641 HTTP_USER_AGENT = (client user agent)
2642 HTTP_ACCEPT_LANGUAGE = (client accept language)SERVER____:
2643 SCRIPT_FILENAME = Absolute filename of script (Differs between windows/unix). On windows 'C:\\blabla\\blabl\\' will be converted to 'C:/blabla/blabl/'Special extras:
2644 TYPO3_HOST_ONLY = [host] = 192.168.1.4
2645 TYPO3_PORT = [port] = 8080 (blank if 80, taken from host value)
2646 TYPO3_REQUEST_HOST = [scheme]://[host][:[port]]
2647 TYPO3_REQUEST_URL = [scheme]://[host][:[port]][path]?[query] (scheme will by default be "http" until we can detect something different)
2648 TYPO3_REQUEST_SCRIPT = [scheme]://[host][:[port]][path_script]
2649 TYPO3_REQUEST_DIR = [scheme]://[host][:[port]][path_dir]
2650 TYPO3_SITE_URL = [scheme]://[host][:[port]][path_dir] of the TYPO3 website frontend
2651 TYPO3_SITE_PATH = [path_dir] of the TYPO3 website frontend
2652 TYPO3_SITE_SCRIPT = [script / Speaking URL] of the TYPO3 website
2653 TYPO3_DOCUMENT_ROOT = Absolute path of root of documents: TYPO3_DOCUMENT_ROOT.SCRIPT_NAME = SCRIPT_FILENAME (typically)
2654 TYPO3_SSL = Returns TRUE if this session uses SSL/TLS (https)
2655 TYPO3_PROXY = Returns TRUE if this session runs over a well known proxyNotice: [fragment] is apparently NEVER available to the script!Testing suggestions:
2656 - Output all the values.
2657 - In the script, make a link to the script it self, maybe add some parameters and click the link a few times so HTTP_REFERER is seen
2658 - ALSO TRY the script from the ROOT of a site (like 'http://www.mytest.com/' and not 'http://www.mytest.com/test/' !!)
2659 */
2660 $retVal = '';
2661 switch ((string)$getEnvName) {
2662 case 'SCRIPT_NAME':
2663 $retVal = self::isRunningOnCgiServerApi()
2664 && (($_SERVER['ORIG_PATH_INFO'] ?? false) ?: ($_SERVER['PATH_INFO'] ?? false))
2665 ? (($_SERVER['ORIG_PATH_INFO'] ?? '') ?: ($_SERVER['PATH_INFO'] ?? ''))
2666 : (($_SERVER['ORIG_SCRIPT_NAME'] ?? '') ?: ($_SERVER['SCRIPT_NAME'] ?? ''));
2667 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
2668 if (self::cmpIP(($_SERVER['REMOTE_ADDR'] ?? ''), $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
2669 if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
2670 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal;
2671 } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
2672 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal;
2673 }
2674 }
2675 break;
2676 case 'SCRIPT_FILENAME':
2677 $retVal = Environment::getCurrentScript();
2678 break;
2679 case 'REQUEST_URI':
2680 // Typical application of REQUEST_URI is return urls, forms submitting to itself etc. Example: returnUrl='.rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI'))
2681 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar'])) {
2682 // This is for URL rewriters that store the original URI in a server variable (eg ISAPI_Rewriter for IIS: HTTP_X_REWRITE_URL)
2683 list($v, $n) = explode('|', $GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar']);
2684 $retVal = $GLOBALS[$v][$n];
2685 } elseif (empty($_SERVER['REQUEST_URI'])) {
2686 // This is for ISS/CGI which does not have the REQUEST_URI available.
2687 $retVal = '/' . ltrim(self::getIndpEnv('SCRIPT_NAME'), '/') . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
2688 } else {
2689 $retVal = '/' . ltrim($_SERVER['REQUEST_URI'], '/');
2690 }
2691 // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
2692 if (isset($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])
2693 && self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])
2694 ) {
2695 if (self::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
2696 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal;
2697 } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
2698 $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal;
2699 }
2700 }
2701 break;
2702 case 'PATH_INFO':
2703 // $_SERVER['PATH_INFO'] != $_SERVER['SCRIPT_NAME'] is necessary because some servers (Windows/CGI)
2704 // are seen to set PATH_INFO equal to script_name
2705 // Further, there must be at least one '/' in the path - else the PATH_INFO value does not make sense.
2706 // IF 'PATH_INFO' never works for our purpose in TYPO3 with CGI-servers,
2707 // then 'PHP_SAPI=='cgi'' might be a better check.
2708 // Right now strcmp($_SERVER['PATH_INFO'], GeneralUtility::getIndpEnv('SCRIPT_NAME')) will always
2709 // return FALSE for CGI-versions, but that is only as long as SCRIPT_NAME is set equal to PATH_INFO
2710 // because of PHP_SAPI=='cgi' (see above)
2711 if (!self::isRunningOnCgiServerApi()) {
2712 $retVal = $_SERVER['PATH_INFO'];
2713 }
2714 break;
2715 case 'TYPO3_REV_PROXY':
2716 $retVal = self::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP']);
2717 break;
2718 case 'REMOTE_ADDR':
2719 $retVal = $_SERVER['REMOTE_ADDR'] ?? null;
2720 if (self::cmpIP($retVal, $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'] ?? '')) {
2721 $ip = self::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
2722 // Choose which IP in list to use
2723 if (!empty($ip)) {
2724 switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
2725 case 'last':
2726 $ip = array_pop($ip);
2727 break;
2728 case 'first':
2729 $ip = array_shift($ip);
2730 break;
2731 case 'none':
2732
2733 default:
2734 $ip = '';
2735 }
2736 }
2737 if (self::validIP($ip)) {
2738 $retVal = $ip;
2739 }
2740 }
2741 break;
2742 case 'HTTP_HOST':
2743 // if it is not set we're most likely on the cli
2744 $retVal = $_SERVER['HTTP_HOST'] ?? null;
2745 if (isset($_SERVER['REMOTE_ADDR']) && static::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
2746 $host = self::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
2747 // Choose which host in list to use
2748 if (!empty($host)) {
2749 switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
2750 case 'last':
2751 $host = array_pop($host);
2752 break;
2753 case 'first':
2754 $host = array_shift($host);
2755 break;
2756 case 'none':
2757
2758 default:
2759 $host = '';
2760 }
2761 }
2762 if ($host) {
2763 $retVal = $host;
2764 }
2765 }
2766 if (!static::isAllowedHostHeaderValue($retVal)) {
2767 throw new \UnexpectedValueException(
2768 'The current host header value does not match the configured trusted hosts pattern! Check the pattern defined in $GLOBALS[\'TYPO3_CONF_VARS\'][\'SYS\'][\'trustedHostsPattern\'] and adapt it, if you want to allow the current host header \'' . $retVal . '\' for your installation.',
2769 1396795884
2770 );
2771 }
2772 break;
2773 case 'HTTP_REFERER':
2774
2775 case 'HTTP_USER_AGENT':
2776
2777 case 'HTTP_ACCEPT_ENCODING':
2778
2779 case 'HTTP_ACCEPT_LANGUAGE':
2780
2781 case 'REMOTE_HOST':
2782
2783 case 'QUERY_STRING':
2784 $retVal = $_SERVER[$getEnvName] ?? '';
2785 break;
2786 case 'TYPO3_DOCUMENT_ROOT':
2787 // Get the web root (it is not the root of the TYPO3 installation)
2788 // The absolute path of the script can be calculated with TYPO3_DOCUMENT_ROOT + SCRIPT_FILENAME
2789 // Some CGI-versions (LA13CGI) and mod-rewrite rules on MODULE versions will deliver a 'wrong' DOCUMENT_ROOT (according to our description). Further various aliases/mod_rewrite rules can disturb this as well.
2790 // Therefore the DOCUMENT_ROOT is now always calculated as the SCRIPT_FILENAME minus the end part shared with SCRIPT_NAME.
2791 $SFN = self::getIndpEnv('SCRIPT_FILENAME');
2792 $SN_A = explode('/', strrev(self::getIndpEnv('SCRIPT_NAME')));
2793 $SFN_A = explode('/', strrev($SFN));
2794 $acc = [];
2795 foreach ($SN_A as $kk => $vv) {
2796 if ((string)$SFN_A[$kk] === (string)$vv) {
2797 $acc[] = $vv;
2798 } else {
2799 break;
2800 }
2801 }
2802 $commonEnd = strrev(implode('/', $acc));
2803 if ((string)$commonEnd !== '') {
2804 $retVal = substr($SFN, 0, -(strlen($commonEnd) + 1));
2805 }
2806 break;
2807 case 'TYPO3_HOST_ONLY':
2808 $httpHost = self::getIndpEnv('HTTP_HOST');
2809 $httpHostBracketPosition = strpos($httpHost, ']');
2810 $httpHostParts = explode(':', $httpHost);
2811 $retVal = $httpHostBracketPosition !== false ? substr($httpHost, 0, $httpHostBracketPosition + 1) : array_shift($httpHostParts);
2812 break;
2813 case 'TYPO3_PORT':
2814 $httpHost = self::getIndpEnv('HTTP_HOST');
2815 $httpHostOnly = self::getIndpEnv('TYPO3_HOST_ONLY');
2816 $retVal = strlen($httpHost) > strlen($httpHostOnly) ? substr($httpHost, strlen($httpHostOnly) + 1) : '';
2817 break;
2818 case 'TYPO3_REQUEST_HOST':
2819 $retVal = (self::getIndpEnv('TYPO3_SSL') ? 'https://' : 'http://') . self::getIndpEnv('HTTP_HOST');
2820 break;
2821 case 'TYPO3_REQUEST_URL':
2822 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::getIndpEnv('REQUEST_URI');
2823 break;
2824 case 'TYPO3_REQUEST_SCRIPT':
2825 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::getIndpEnv('SCRIPT_NAME');
2826 break;
2827 case 'TYPO3_REQUEST_DIR':
2828 $retVal = self::getIndpEnv('TYPO3_REQUEST_HOST') . self::dirname(self::getIndpEnv('SCRIPT_NAME')) . '/';
2829 break;
2830 case 'TYPO3_SITE_URL':
2831 $url = self::getIndpEnv('TYPO3_REQUEST_DIR');
2832 // This can only be set by external entry scripts
2833 if (defined('TYPO3_PATH_WEB')) {
2834 $retVal = $url;
2835 } elseif (Environment::getCurrentScript()) {
2836 $lPath = PathUtility::stripPathSitePrefix(PathUtility::dirnameDuringBootstrap(Environment::getCurrentScript())) . '/';
2837 $siteUrl = substr($url, 0, -strlen($lPath));
2838 if (substr($siteUrl, -1) !== '/') {
2839 $siteUrl .= '/';
2840 }
2841 $retVal = $siteUrl;
2842 }
2843 break;
2844 case 'TYPO3_SITE_PATH':
2845 $retVal = substr(self::getIndpEnv('TYPO3_SITE_URL'), strlen(self::getIndpEnv('TYPO3_REQUEST_HOST')));
2846 break;
2847 case 'TYPO3_SITE_SCRIPT':
2848 $retVal = substr(self::getIndpEnv('TYPO3_REQUEST_URL'), strlen(self::getIndpEnv('TYPO3_SITE_URL')));
2849 break;
2850 case 'TYPO3_SSL':
2851 $proxySSL = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL']);
2852 if ($proxySSL === '*') {
2853 $proxySSL = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'];
2854 }
2855 if (self::cmpIP($_SERVER['REMOTE_ADDR'] ?? '', $proxySSL)) {
2856 $retVal = true;
2857 } else {
2858 // https://secure.php.net/manual/en/reserved.variables.server.php
2859 // "Set to a non-empty value if the script was queried through the HTTPS protocol."
2860 $retVal = !empty($_SERVER['SSL_SESSION_ID'])
2861 || (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off');
2862 }
2863 break;
2864 case '_ARRAY':
2865 $out = [];
2866 // Here, list ALL possible keys to this function for debug display.
2867 $envTestVars = [
2868 'HTTP_HOST',
2869 'TYPO3_HOST_ONLY',
2870 'TYPO3_PORT',
2871 'PATH_INFO',
2872 'QUERY_STRING',
2873 'REQUEST_URI',
2874 'HTTP_REFERER',
2875 'TYPO3_REQUEST_HOST',
2876 'TYPO3_REQUEST_URL',
2877 'TYPO3_REQUEST_SCRIPT',
2878 'TYPO3_REQUEST_DIR',
2879 'TYPO3_SITE_URL',
2880 'TYPO3_SITE_SCRIPT',
2881 'TYPO3_SSL',
2882 'TYPO3_REV_PROXY',
2883 'SCRIPT_NAME',
2884 'TYPO3_DOCUMENT_ROOT',
2885 'SCRIPT_FILENAME',
2886 'REMOTE_ADDR',
2887 'REMOTE_HOST',
2888 'HTTP_USER_AGENT',
2889 'HTTP_ACCEPT_LANGUAGE'
2890 ];
2891 foreach ($envTestVars as $v) {
2892 $out[$v] = self::getIndpEnv($v);
2893 }
2894 reset($out);
2895 $retVal = $out;
2896 break;
2897 }
2898 self::$indpEnvCache[$getEnvName] = $retVal;
2899 return $retVal;
2900 }
2901
2902 /**
2903 * Checks if the provided host header value matches the trusted hosts pattern.
2904 * If the pattern is not defined (which only can happen early in the bootstrap), deny any value.
2905 * The result is saved, so the check needs to be executed only once.
2906 *
2907 * @param string $hostHeaderValue HTTP_HOST header value as sent during the request (may include port)
2908 * @return bool
2909 */
2910 public static function isAllowedHostHeaderValue($hostHeaderValue)
2911 {
2912 if (static::$allowHostHeaderValue === true) {
2913 return true;
2914 }
2915
2916 if (static::isInternalRequestType()) {
2917 return static::$allowHostHeaderValue = true;
2918 }
2919
2920 // Deny the value if trusted host patterns is empty, which means we are early in the bootstrap
2921 if (empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'])) {
2922 return false;
2923 }
2924
2925 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === self::ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL) {
2926 static::$allowHostHeaderValue = true;
2927 } else {
2928 static::$allowHostHeaderValue = static::hostHeaderValueMatchesTrustedHostsPattern($hostHeaderValue);
2929 }
2930
2931 return static::$allowHostHeaderValue;
2932 }
2933
2934 /**
2935 * Checks if the provided host header value matches the trusted hosts pattern without any preprocessing.
2936 *
2937 * @param string $hostHeaderValue
2938 * @return bool
2939 * @internal
2940 */
2941 public static function hostHeaderValueMatchesTrustedHostsPattern($hostHeaderValue)
2942 {
2943 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === self::ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME) {
2944 // Allow values that equal the server name
2945 // Note that this is only secure if name base virtual host are configured correctly in the webserver
2946 $defaultPort = self::getIndpEnv('TYPO3_SSL') ? '443' : '80';
2947 $parsedHostValue = parse_url('http://' . $hostHeaderValue);
2948 if (isset($parsedHostValue['port'])) {
2949 $hostMatch = (strtolower($parsedHostValue['host']) === strtolower($_SERVER['SERVER_NAME']) && (string)$parsedHostValue['port'] === $_SERVER['SERVER_PORT']);
2950 } else {
2951 $hostMatch = (strtolower($hostHeaderValue) === strtolower($_SERVER['SERVER_NAME']) && $defaultPort === $_SERVER['SERVER_PORT']);
2952 }
2953 } else {
2954 // In case name based virtual hosts are not possible, we allow setting a trusted host pattern
2955 // See https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ for further details
2956 $hostMatch = (bool)preg_match('/^' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] . '$/i', $hostHeaderValue);
2957 }
2958
2959 return $hostMatch;