typo3/sysext/frontend/Classes/Middleware/PageResolver.php

   1 <?php
   2 declare(strict_types = 1);
   3 namespace TYPO3\CMS\Frontend\Middleware;
   4
   5 /*
   6  * This file is part of the TYPO3 CMS project.
   7  *
   8  * It is free software; you can redistribute it and/or modify it under
   9  * the terms of the GNU General Public License, either version 2
  10  * of the License, or any later version.
  11  *
  12  * For the full copyright and license information, please read the
  13  * LICENSE.txt file that was distributed with this source code.
  14  *
  15  * The TYPO3 project - inspiring people to share!
  16  */
  17
  18 use Psr\Http\Message\ResponseInterface;
  19 use Psr\Http\Message\ServerRequestInterface;
  20 use Psr\Http\Server\MiddlewareInterface;
  21 use Psr\Http\Server\RequestHandlerInterface;
  22 use TYPO3\CMS\Core\Type\Bitmask\Permission;
  23 use TYPO3\CMS\Core\Utility\GeneralUtility;
  24 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
  25
  26 /**
  27  * Process the ID, type and other parameters.
  28  * After this point we have an array, TSFE->page, which is the page-record of the current page, $TSFE->id.
  29  *
  30  * Now, if there is a backend user logged in and he has NO access to this page,
  31  * then re-evaluate the id shown!
  32  */
  33 class PageResolver implements MiddlewareInterface
  34 {
  35     /**
  36      * Resolve the page ID
  37      *
  38      * @param ServerRequestInterface $request
  39      * @param RequestHandlerInterface $handler
  40      * @return ResponseInterface
  41      */
  42     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
  43     {
  44         $GLOBALS['TSFE']->siteScript = $request->getAttribute('normalizedParams')->getSiteScript();
  45         $this->checkAlternativeIdMethods($GLOBALS['TSFE']);
  46         $GLOBALS['TSFE']->clear_preview();
  47         $GLOBALS['TSFE']->determineId();
  48
  49         // No access? Then remove user & Re-evaluate the page-id
  50         if ($GLOBALS['TSFE']->isBackendUserLoggedIn() && !$GLOBALS['BE_USER']->doesUserHaveAccess($GLOBALS['TSFE']->page, Permission::PAGE_SHOW)) {
  51             unset($GLOBALS['BE_USER']);
  52             $GLOBALS['TSFE']->beUserLogin = false;
  53             $this->checkAlternativeIdMethods($GLOBALS['TSFE']);
  54             $GLOBALS['TSFE']->clear_preview();
  55             $GLOBALS['TSFE']->determineId();
  56         }
  57
  58         // Evaluate the cache hash parameter
  59         $GLOBALS['TSFE']->makeCacheHash();
  60
  61         return $handler->handle($request);
  62     }
  63
  64     /**
  65      * Provides ways to bypass the '?id=[xxx]&type=[xx]' format, using either PATH_INFO or Server Rewrites
  66      *
  67      * Two options:
  68      * 1) Use PATH_INFO (also Apache) to extract id and type from that var. Does not require any special modules compiled with apache. (less typical)
  69      * 2) Using hook which enables features like those provided from "realurl" extension (AKA "Speaking URLs")
  70      */
  71     protected function checkAlternativeIdMethods(TypoScriptFrontendController $tsfe)
  72     {
  73         // Call post processing function for custom URL methods.
  74         $_params = ['pObj' => &$tsfe];
  75         foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'] ?? [] as $_funcRef) {
  76             GeneralUtility::callUserFunction($_funcRef, $_params, $tsfe);
  77         }
  78     }
  79 }