[!!!][SECURITY] Mitigate potential cache flooding
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Core / Bootstrap.php
1 <?php
2 namespace TYPO3\CMS\Core\Core;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Core\Utility\MathUtility;
20
21 /**
22 * This class encapsulates bootstrap related methods.
23 * It is required directly as the very first thing in entry scripts and
24 * used to define all base things like constants and pathes and so on.
25 *
26 * Most methods in this class have dependencies to each other. They can
27 * not be called in arbitrary order. The methods are ordered top down, so
28 * a method at the beginning has lower dependencies than a method further
29 * down. Do not fiddle with the load order in own scripts except you know
30 * exactly what you are doing!
31 */
32 class Bootstrap
33 {
34 /**
35 * @var \TYPO3\CMS\Core\Core\Bootstrap
36 */
37 protected static $instance = null;
38
39 /**
40 * Unique Request ID
41 *
42 * @var string
43 */
44 protected $requestId;
45
46 /**
47 * The application context
48 *
49 * @var \TYPO3\CMS\Core\Core\ApplicationContext
50 */
51 protected $applicationContext;
52
53 /**
54 * @var array List of early instances
55 */
56 protected $earlyInstances = [];
57
58 /**
59 * @var string Path to install tool
60 */
61 protected $installToolPath;
62
63 /**
64 * A list of all registered request handlers, see the Application class / entry points for the registration
65 * @var \TYPO3\CMS\Core\Http\RequestHandlerInterface[]|\TYPO3\CMS\Core\Console\RequestHandlerInterface[]
66 */
67 protected $availableRequestHandlers = [];
68
69 /**
70 * The Response object when using Request/Response logic
71 * @var \Psr\Http\Message\ResponseInterface
72 * @see shutdown()
73 */
74 protected $response;
75
76 /**
77 * @var bool
78 */
79 protected static $usesComposerClassLoading = false;
80
81 /**
82 * Disable direct creation of this object.
83 * Set unique requestId and the application context
84 *
85 * @var string Application context
86 */
87 protected function __construct($applicationContext)
88 {
89 $this->requestId = substr(md5(uniqid('', true)), 0, 13);
90 $this->applicationContext = new ApplicationContext($applicationContext);
91 }
92
93 /**
94 * @return bool
95 */
96 public static function usesComposerClassLoading()
97 {
98 return self::$usesComposerClassLoading;
99 }
100
101 /**
102 * Disable direct cloning of this object.
103 */
104 protected function __clone()
105 {
106 }
107
108 /**
109 * Return 'this' as singleton
110 *
111 * @return Bootstrap
112 * @internal This is not a public API method, do not use in own extensions
113 */
114 public static function getInstance()
115 {
116 if (is_null(static::$instance)) {
117 $applicationContext = getenv('TYPO3_CONTEXT') ?: (getenv('REDIRECT_TYPO3_CONTEXT') ?: 'Production');
118 self::$instance = new static($applicationContext);
119 self::$instance->defineTypo3RequestTypes();
120 }
121 return static::$instance;
122 }
123
124 /**
125 * Gets the request's unique ID
126 *
127 * @return string Unique request ID
128 * @internal This is not a public API method, do not use in own extensions
129 */
130 public function getRequestId()
131 {
132 return $this->requestId;
133 }
134
135 /**
136 * Returns the application context this bootstrap was started in.
137 *
138 * @return \TYPO3\CMS\Core\Core\ApplicationContext The application context encapsulated in an object
139 * @internal This is not a public API method, do not use in own extensions.
140 * Use \TYPO3\CMS\Core\Utility\GeneralUtility::getApplicationContext() instead
141 */
142 public function getApplicationContext()
143 {
144 return $this->applicationContext;
145 }
146
147 /**
148 * Prevent any unwanted output that may corrupt AJAX/compression.
149 * This does not interfere with "die()" or "echo"+"exit()" messages!
150 *
151 * @return Bootstrap
152 * @internal This is not a public API method, do not use in own extensions
153 */
154 public function startOutputBuffering()
155 {
156 ob_start();
157 return $this;
158 }
159
160 /**
161 * Main entry point called at every request usually from Global scope. Checks if everything is correct,
162 * and loads the Configuration.
163 *
164 * Make sure that the baseSetup() is called before and the class loader is present
165 *
166 * @return Bootstrap
167 */
168 public function configure()
169 {
170 $this->startOutputBuffering()
171 ->loadConfigurationAndInitialize()
172 ->loadTypo3LoadedExtAndExtLocalconf(true)
173 ->setFinalCachingFrameworkCacheConfiguration()
174 ->defineLoggingAndExceptionConstants()
175 ->unsetReservedGlobalVariables()
176 ->initializeTypo3DbGlobal();
177
178 return $this;
179 }
180
181 /**
182 * Run the base setup that checks server environment, determines pathes,
183 * populates base files and sets common configuration.
184 *
185 * Script execution will be aborted if something fails here.
186 *
187 * @param int $entryPointLevel Number of subdirectories where the entry script is located under the document root
188 * @return Bootstrap
189 * @throws \RuntimeException when TYPO3_REQUESTTYPE was not set before, setRequestType() needs to be called before
190 * @internal This is not a public API method, do not use in own extensions
191 */
192 public function baseSetup($entryPointLevel = 0)
193 {
194 if (!defined('TYPO3_REQUESTTYPE')) {
195 throw new \RuntimeException('No Request Type was set, TYPO3 does not know in which context it is run.', 1450561838);
196 }
197 SystemEnvironmentBuilder::run($entryPointLevel);
198 if (!self::$usesComposerClassLoading && ClassLoadingInformation::isClassLoadingInformationAvailable()) {
199 ClassLoadingInformation::registerClassLoadingInformation();
200 }
201 GeneralUtility::presetApplicationContext($this->applicationContext);
202 return $this;
203 }
204
205 /**
206 * Sets the class loader to the bootstrap
207 *
208 * @param \Composer\Autoload\ClassLoader $classLoader an instance of the class loader
209 * @return Bootstrap
210 * @internal This is not a public API method, do not use in own extensions
211 */
212 public function initializeClassLoader($classLoader)
213 {
214 $this->setEarlyInstance(\Composer\Autoload\ClassLoader::class, $classLoader);
215 if (defined('TYPO3_COMPOSER_MODE') && TYPO3_COMPOSER_MODE) {
216 self::$usesComposerClassLoading = true;
217 }
218 return $this;
219 }
220
221 /**
222 * checks if LocalConfiguration.php or PackageStates.php is missing,
223 * used to see if a redirect to the install tool is needed
224 *
225 * @return bool TRUE when the essential configuration is available, otherwise FALSE
226 * @internal This is not a public API method, do not use in own extensions
227 */
228 public function checkIfEssentialConfigurationExists()
229 {
230 $configurationManager = new \TYPO3\CMS\Core\Configuration\ConfigurationManager;
231 $this->setEarlyInstance(\TYPO3\CMS\Core\Configuration\ConfigurationManager::class, $configurationManager);
232 return file_exists($configurationManager->getLocalConfigurationFileLocation()) && file_exists(PATH_typo3conf . 'PackageStates.php');
233 }
234
235 /**
236 * Redirect to install tool if LocalConfiguration.php is missing.
237 *
238 * @param int $entryPointLevel Number of subdirectories where the entry script is located under the document root
239 * @internal This is not a public API method, do not use in own extensions
240 */
241 public function redirectToInstallTool($entryPointLevel = 0)
242 {
243 $path = TYPO3_mainDir . 'sysext/install/Start/Install.php';
244 if ($entryPointLevel > 0) {
245 $path = str_repeat('../', $entryPointLevel) . $path;
246 }
247 header('Location: ' . $path);
248 die;
249 }
250
251 /**
252 * Adds available request handlers usually done via an application from the outside.
253 *
254 * @param string $requestHandler class which implements the request handler interface
255 * @return Bootstrap
256 * @internal This is not a public API method, do not use in own extensions
257 */
258 public function registerRequestHandlerImplementation($requestHandler)
259 {
260 $this->availableRequestHandlers[] = $requestHandler;
261 return $this;
262 }
263
264 /**
265 * Fetches the request handler that suits the best based on the priority and the interface
266 * Be sure to always have the constants that are defined in $this->defineTypo3RequestTypes() are set,
267 * so most RequestHandlers can check if they can handle the request.
268 *
269 * @param \Psr\Http\Message\ServerRequestInterface|\Symfony\Component\Console\Input\InputInterface $request
270 * @return \TYPO3\CMS\Core\Http\RequestHandlerInterface|\TYPO3\CMS\Core\Console\RequestHandlerInterface
271 * @throws \TYPO3\CMS\Core\Exception
272 * @internal This is not a public API method, do not use in own extensions
273 */
274 protected function resolveRequestHandler($request)
275 {
276 $suitableRequestHandlers = [];
277 foreach ($this->availableRequestHandlers as $requestHandlerClassName) {
278 /** @var \TYPO3\CMS\Core\Http\RequestHandlerInterface|\TYPO3\CMS\Core\Console\RequestHandlerInterface $requestHandler */
279 $requestHandler = GeneralUtility::makeInstance($requestHandlerClassName, $this);
280 if ($requestHandler->canHandleRequest($request)) {
281 $priority = $requestHandler->getPriority();
282 if (isset($suitableRequestHandlers[$priority])) {
283 throw new \TYPO3\CMS\Core\Exception('More than one request handler with the same priority can handle the request, but only one handler may be active at a time!', 1176471352);
284 }
285 $suitableRequestHandlers[$priority] = $requestHandler;
286 }
287 }
288 if (empty($suitableRequestHandlers)) {
289 throw new \TYPO3\CMS\Core\Exception('No suitable request handler found.', 1225418233);
290 }
291 ksort($suitableRequestHandlers);
292 return array_pop($suitableRequestHandlers);
293 }
294
295 /**
296 * Builds a Request instance from the current process, and then resolves the request
297 * through the request handlers depending on Frontend, Backend, CLI etc.
298 *
299 * @param \Psr\Http\Message\RequestInterface|\Symfony\Component\Console\Input\InputInterface $request
300 * @return Bootstrap
301 * @throws \TYPO3\CMS\Core\Exception
302 * @internal This is not a public API method, do not use in own extensions
303 */
304 public function handleRequest($request)
305 {
306
307 // Resolve request handler that were registered based on the Application
308 $requestHandler = $this->resolveRequestHandler($request);
309
310 // Execute the command which returns a Response object or NULL
311 $this->response = $requestHandler->handleRequest($request);
312 return $this;
313 }
314
315 /**
316 * Outputs content if there is a proper Response object.
317 *
318 * @return Bootstrap
319 */
320 protected function sendResponse()
321 {
322 if ($this->response instanceof \Psr\Http\Message\ResponseInterface) {
323 if (!headers_sent()) {
324 foreach ($this->response->getHeaders() as $name => $values) {
325 header($name . ': ' . implode(', ', $values));
326 }
327 // If the response code was not changed by legacy code (still is 200)
328 // then allow the PSR-7 response object to explicitly set it.
329 // Otherwise let legacy code take precedence.
330 // This code path can be deprecated once we expose the response object to third party code
331 if (http_response_code() === 200) {
332 header('HTTP/' . $this->response->getProtocolVersion() . ' ' . $this->response->getStatusCode() . ' ' . $this->response->getReasonPhrase());
333 }
334 }
335 echo $this->response->getBody()->__toString();
336 }
337 return $this;
338 }
339
340 /**
341 * Registers the instance of the specified object for an early boot stage.
342 * On finalizing the Object Manager initialization, all those instances will
343 * be transferred to the Object Manager's registry.
344 *
345 * @param string $objectName Object name, as later used by the Object Manager
346 * @param object $instance The instance to register
347 * @return void
348 * @internal This is not a public API method, do not use in own extensions
349 */
350 public function setEarlyInstance($objectName, $instance)
351 {
352 $this->earlyInstances[$objectName] = $instance;
353 }
354
355 /**
356 * Returns an instance which was registered earlier through setEarlyInstance()
357 *
358 * @param string $objectName Object name of the registered instance
359 * @return object
360 * @throws \TYPO3\CMS\Core\Exception
361 * @internal This is not a public API method, do not use in own extensions
362 */
363 public function getEarlyInstance($objectName)
364 {
365 if (!isset($this->earlyInstances[$objectName])) {
366 throw new \TYPO3\CMS\Core\Exception('Unknown early instance "' . $objectName . '"', 1365167380);
367 }
368 return $this->earlyInstances[$objectName];
369 }
370
371 /**
372 * Returns all registered early instances indexed by object name
373 *
374 * @return array
375 * @internal This is not a public API method, do not use in own extensions
376 */
377 public function getEarlyInstances()
378 {
379 return $this->earlyInstances;
380 }
381
382 /**
383 * Includes LocalConfiguration.php and sets several
384 * global settings depending on configuration.
385 *
386 * @param bool $allowCaching Whether to allow caching - affects cache_core (autoloader)
387 * @param string $packageManagerClassName Define an alternative package manager implementation (usually for the installer)
388 * @return Bootstrap
389 * @internal This is not a public API method, do not use in own extensions
390 */
391 public function loadConfigurationAndInitialize($allowCaching = true, $packageManagerClassName = \TYPO3\CMS\Core\Package\PackageManager::class)
392 {
393 $this->populateLocalConfiguration()
394 ->initializeErrorHandling();
395 if (!$allowCaching) {
396 $this->disableCoreCache();
397 }
398 $this->initializeCachingFramework()
399 ->initializePackageManagement($packageManagerClassName)
400 ->initializeRuntimeActivatedPackagesFromConfiguration()
401 ->defineUserAgentConstant()
402 ->registerExtDirectComponents()
403 ->setCacheHashOptions()
404 ->setDefaultTimezone()
405 ->initializeL10nLocales()
406 ->setMemoryLimit();
407 if ($allowCaching) {
408 $this->ensureClassLoadingInformationExists();
409 }
410 return $this;
411 }
412
413 /**
414 * Initializes the package system and loads the package configuration and settings
415 * provided by the packages.
416 *
417 * @param string $packageManagerClassName Define an alternative package manager implementation (usually for the installer)
418 * @return Bootstrap
419 * @internal This is not a public API method, do not use in own extensions
420 */
421 public function initializePackageManagement($packageManagerClassName)
422 {
423 /** @var \TYPO3\CMS\Core\Package\PackageManager $packageManager */
424 $packageManager = new $packageManagerClassName();
425 $this->setEarlyInstance(\TYPO3\CMS\Core\Package\PackageManager::class, $packageManager);
426 ExtensionManagementUtility::setPackageManager($packageManager);
427 $packageManager->injectCoreCache($this->getEarlyInstance(\TYPO3\CMS\Core\Cache\CacheManager::class)->getCache('cache_core'));
428 $dependencyResolver = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Package\DependencyResolver::class);
429 $dependencyResolver->injectDependencyOrderingService(GeneralUtility::makeInstance(\TYPO3\CMS\Core\Service\DependencyOrderingService::class));
430 $packageManager->injectDependencyResolver($dependencyResolver);
431 $packageManager->initialize();
432 GeneralUtility::setSingletonInstance(\TYPO3\CMS\Core\Package\PackageManager::class, $packageManager);
433 return $this;
434 }
435
436 /**
437 * Writes class loading information if not yet present
438 *
439 * @return Bootstrap
440 * @internal This is not a public API method, do not use in own extensions
441 */
442 public function ensureClassLoadingInformationExists()
443 {
444 if (!self::$usesComposerClassLoading && !ClassLoadingInformation::isClassLoadingInformationAvailable()) {
445 ClassLoadingInformation::dumpClassLoadingInformation();
446 ClassLoadingInformation::registerClassLoadingInformation();
447 }
448 return $this;
449 }
450
451 /**
452 * Activates a package during runtime. This is used in AdditionalConfiguration.php
453 * to enable extensions under conditions.
454 *
455 * @return Bootstrap
456 */
457 protected function initializeRuntimeActivatedPackagesFromConfiguration()
458 {
459 if (!empty($GLOBALS['TYPO3_CONF_VARS']['EXT']['runtimeActivatedPackages']) && is_array($GLOBALS['TYPO3_CONF_VARS']['EXT']['runtimeActivatedPackages'])) {
460 /** @var \TYPO3\CMS\Core\Package\PackageManager $packageManager */
461 $packageManager = $this->getEarlyInstance(\TYPO3\CMS\Core\Package\PackageManager::class);
462 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXT']['runtimeActivatedPackages'] as $runtimeAddedPackageKey) {
463 $packageManager->activatePackageDuringRuntime($runtimeAddedPackageKey);
464 }
465 }
466 return $this;
467 }
468
469 /**
470 * Load ext_localconf of extensions
471 *
472 * @param bool $allowCaching
473 * @return Bootstrap
474 * @internal This is not a public API method, do not use in own extensions
475 */
476 public function loadTypo3LoadedExtAndExtLocalconf($allowCaching = true)
477 {
478 ExtensionManagementUtility::loadExtLocalconf($allowCaching);
479 return $this;
480 }
481
482 /**
483 * We need an early instance of the configuration manager.
484 * Since makeInstance relies on the object configuration, we create it here with new instead.
485 *
486 * @return Bootstrap
487 * @internal This is not a public API method, do not use in own extensions
488 */
489 public function populateLocalConfiguration()
490 {
491 try {
492 $configurationManager = $this->getEarlyInstance(\TYPO3\CMS\Core\Configuration\ConfigurationManager::class);
493 } catch (\TYPO3\CMS\Core\Exception $exception) {
494 $configurationManager = new \TYPO3\CMS\Core\Configuration\ConfigurationManager();
495 $this->setEarlyInstance(\TYPO3\CMS\Core\Configuration\ConfigurationManager::class, $configurationManager);
496 }
497 $configurationManager->exportConfiguration();
498 return $this;
499 }
500
501 /**
502 * Set cache_core to null backend, effectively disabling eg. the cache for ext_localconf and PackageManager etc.
503 *
504 * @return \TYPO3\CMS\Core\Core\Bootstrap
505 * @internal This is not a public API method, do not use in own extensions
506 */
507 public function disableCoreCache()
508 {
509 $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['cache_core']['backend']
510 = \TYPO3\CMS\Core\Cache\Backend\NullBackend::class;
511 unset($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['cache_core']['options']);
512 return $this;
513 }
514
515 /**
516 * Define user agent constant
517 *
518 * @return \TYPO3\CMS\Core\Core\Bootstrap
519 */
520 protected function defineUserAgentConstant()
521 {
522 define('TYPO3_user_agent', 'User-Agent: ' . $GLOBALS['TYPO3_CONF_VARS']['HTTP']['headers']['User-Agent']);
523 return $this;
524 }
525
526 /**
527 * Register default ExtDirect components
528 *
529 * @return Bootstrap
530 */
531 protected function registerExtDirectComponents()
532 {
533 if (TYPO3_MODE === 'BE') {
534 ExtensionManagementUtility::registerExtDirectComponent(
535 'TYPO3.Components.PageTree.DataProvider',
536 \TYPO3\CMS\Backend\Tree\Pagetree\ExtdirectTreeDataProvider::class
537 );
538 ExtensionManagementUtility::registerExtDirectComponent(
539 'TYPO3.Components.PageTree.Commands',
540 \TYPO3\CMS\Backend\Tree\Pagetree\ExtdirectTreeCommands::class
541 );
542 ExtensionManagementUtility::registerExtDirectComponent(
543 'TYPO3.Components.PageTree.ContextMenuDataProvider',
544 \TYPO3\CMS\Backend\ContextMenu\Pagetree\Extdirect\ContextMenuConfiguration::class
545 );
546 ExtensionManagementUtility::registerExtDirectComponent(
547 'TYPO3.ExtDirectStateProvider.ExtDirect',
548 \TYPO3\CMS\Backend\InterfaceState\ExtDirect\DataProvider::class
549 );
550 }
551 return $this;
552 }
553
554 /**
555 * Initialize caching framework, and re-initializes it (e.g. in the install tool) by recreating the instances
556 * again despite the Singleton instance
557 *
558 * @return Bootstrap
559 * @internal This is not a public API method, do not use in own extensions
560 */
561 public function initializeCachingFramework()
562 {
563 $cacheManager = new \TYPO3\CMS\Core\Cache\CacheManager();
564 $cacheManager->setCacheConfigurations($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']);
565 GeneralUtility::setSingletonInstance(\TYPO3\CMS\Core\Cache\CacheManager::class, $cacheManager);
566 $this->setEarlyInstance(\TYPO3\CMS\Core\Cache\CacheManager::class, $cacheManager);
567 return $this;
568 }
569
570 /**
571 * Set cacheHash options
572 *
573 * @return Bootstrap
574 */
575 protected function setCacheHashOptions()
576 {
577 $GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash'] = [
578 'cachedParametersWhiteList' => GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['FE']['cHashOnlyForParameters'], true),
579 'excludedParameters' => GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['FE']['cHashExcludedParameters'], true),
580 'requireCacheHashPresenceParameters' => GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['FE']['cHashRequiredParameters'], true),
581 'includePageId' => $GLOBALS['TYPO3_CONF_VARS']['FE']['cHashIncludePageId']
582 ];
583 if (trim($GLOBALS['TYPO3_CONF_VARS']['FE']['cHashExcludedParametersIfEmpty']) === '*') {
584 $GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash']['excludeAllEmptyParameters'] = true;
585 } else {
586 $GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash']['excludedParametersIfEmpty'] = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['FE']['cHashExcludedParametersIfEmpty'], true);
587 }
588 return $this;
589 }
590
591 /**
592 * Set default timezone
593 *
594 * @return Bootstrap
595 */
596 protected function setDefaultTimezone()
597 {
598 $timeZone = $GLOBALS['TYPO3_CONF_VARS']['SYS']['phpTimeZone'];
599 if (empty($timeZone)) {
600 // Time zone from the server environment (TZ env or OS query)
601 $defaultTimeZone = @date_default_timezone_get();
602 if ($defaultTimeZone !== '') {
603 $timeZone = $defaultTimeZone;
604 } else {
605 $timeZone = 'UTC';
606 }
607 }
608 // Set default to avoid E_WARNINGs with PHP > 5.3
609 date_default_timezone_set($timeZone);
610 return $this;
611 }
612
613 /**
614 * Initialize the locales handled by TYPO3
615 *
616 * @return Bootstrap
617 */
618 protected function initializeL10nLocales()
619 {
620 \TYPO3\CMS\Core\Localization\Locales::initialize();
621 return $this;
622 }
623
624 /**
625 * Configure and set up exception and error handling
626 *
627 * @return Bootstrap
628 * @throws \RuntimeException
629 */
630 protected function initializeErrorHandling()
631 {
632 $productionExceptionHandlerClassName = $GLOBALS['TYPO3_CONF_VARS']['SYS']['productionExceptionHandler'];
633 $debugExceptionHandlerClassName = $GLOBALS['TYPO3_CONF_VARS']['SYS']['debugExceptionHandler'];
634
635 $errorHandlerClassName = $GLOBALS['TYPO3_CONF_VARS']['SYS']['errorHandler'];
636 $errorHandlerErrors = $GLOBALS['TYPO3_CONF_VARS']['SYS']['errorHandlerErrors'];
637 $exceptionalErrors = $GLOBALS['TYPO3_CONF_VARS']['SYS']['exceptionalErrors'];
638
639 $displayErrorsSetting = (int)$GLOBALS['TYPO3_CONF_VARS']['SYS']['displayErrors'];
640 switch ($displayErrorsSetting) {
641 case -1:
642 $ipMatchesDevelopmentSystem = GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']);
643 $exceptionHandlerClassName = $ipMatchesDevelopmentSystem ? $debugExceptionHandlerClassName : $productionExceptionHandlerClassName;
644 $displayErrors = $ipMatchesDevelopmentSystem ? 1 : 0;
645 $exceptionalErrors = $ipMatchesDevelopmentSystem ? $exceptionalErrors : 0;
646 break;
647 case 0:
648 $exceptionHandlerClassName = $productionExceptionHandlerClassName;
649 $displayErrors = 0;
650 break;
651 case 1:
652 $exceptionHandlerClassName = $debugExceptionHandlerClassName;
653 $displayErrors = 1;
654 break;
655 default:
656 // Throw exception if an invalid option is set.
657 throw new \RuntimeException('The option $TYPO3_CONF_VARS[SYS][displayErrors] is not set to "-1", "0" or "1".');
658 }
659 @ini_set('display_errors', $displayErrors);
660
661 if (!empty($errorHandlerClassName)) {
662 // Register an error handler for the given errorHandlerError
663 $errorHandler = GeneralUtility::makeInstance($errorHandlerClassName, $errorHandlerErrors);
664 $errorHandler->setExceptionalErrors($exceptionalErrors);
665 if (is_callable([$errorHandler, 'setDebugMode'])) {
666 $errorHandler->setDebugMode($displayErrors === 1);
667 }
668 }
669 if (!empty($exceptionHandlerClassName)) {
670 // Registering the exception handler is done in the constructor
671 GeneralUtility::makeInstance($exceptionHandlerClassName);
672 }
673 return $this;
674 }
675
676 /**
677 * Set PHP memory limit depending on value of
678 * $GLOBALS['TYPO3_CONF_VARS']['SYS']['setMemoryLimit']
679 *
680 * @return Bootstrap
681 */
682 protected function setMemoryLimit()
683 {
684 if ((int)$GLOBALS['TYPO3_CONF_VARS']['SYS']['setMemoryLimit'] > 16) {
685 @ini_set('memory_limit', ((int)$GLOBALS['TYPO3_CONF_VARS']['SYS']['setMemoryLimit'] . 'm'));
686 }
687 return $this;
688 }
689
690 /**
691 * Define TYPO3_REQUESTTYPE* constants that can be used for developers to see if any context has been hit
692 * also see setRequestType(). Is done at the very beginning so these parameters are always available.
693 *
694 * @return Bootstrap
695 */
696 protected function defineTypo3RequestTypes()
697 {
698 define('TYPO3_REQUESTTYPE_FE', 1);
699 define('TYPO3_REQUESTTYPE_BE', 2);
700 define('TYPO3_REQUESTTYPE_CLI', 4);
701 define('TYPO3_REQUESTTYPE_AJAX', 8);
702 define('TYPO3_REQUESTTYPE_INSTALL', 16);
703 }
704
705 /**
706 * Defines the TYPO3_REQUESTTYPE constant so the environment knows which context the request is running.
707 *
708 * @throws \RuntimeException if the method was already called during a request
709 * @return Bootstrap
710 */
711 public function setRequestType($requestType)
712 {
713 if (defined('TYPO3_REQUESTTYPE')) {
714 throw new \RuntimeException('TYPO3_REQUESTTYPE has already been set, cannot be called multiple times', 1450561878);
715 }
716 define('TYPO3_REQUESTTYPE', $requestType);
717 return $this;
718 }
719
720 /**
721 * Extensions may register new caches, so we set the
722 * global cache array to the manager again at this point
723 *
724 * @return Bootstrap
725 * @internal This is not a public API method, do not use in own extensions
726 */
727 public function setFinalCachingFrameworkCacheConfiguration()
728 {
729 $this->getEarlyInstance(\TYPO3\CMS\Core\Cache\CacheManager::class)->setCacheConfigurations($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']);
730 return $this;
731 }
732
733 /**
734 * Define logging and exception constants
735 *
736 * @return Bootstrap
737 * @internal This is not a public API method, do not use in own extensions
738 */
739 public function defineLoggingAndExceptionConstants()
740 {
741 define('TYPO3_DLOG', $GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_DLOG']);
742 define('TYPO3_ERROR_DLOG', $GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_errorDLOG']);
743 define('TYPO3_EXCEPTION_DLOG', $GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_exceptionDLOG']);
744 return $this;
745 }
746
747 /**
748 * Unsetting reserved global variables:
749 * Those are set in "ext:core/ext_tables.php" file:
750 *
751 * @return Bootstrap
752 * @internal This is not a public API method, do not use in own extensions
753 */
754 public function unsetReservedGlobalVariables()
755 {
756 unset($GLOBALS['PAGES_TYPES']);
757 unset($GLOBALS['TCA']);
758 unset($GLOBALS['TBE_MODULES']);
759 unset($GLOBALS['TBE_STYLES']);
760 unset($GLOBALS['BE_USER']);
761 // Those set otherwise:
762 unset($GLOBALS['TBE_MODULES_EXT']);
763 unset($GLOBALS['TCA_DESCR']);
764 unset($GLOBALS['LOCAL_LANG']);
765 return $this;
766 }
767
768 /**
769 * Initialize database connection in $GLOBALS and connect if requested
770 *
771 * @return \TYPO3\CMS\Core\Core\Bootstrap
772 * @internal This is not a public API method, do not use in own extensions
773 */
774 public function initializeTypo3DbGlobal()
775 {
776 /** @var $databaseConnection \TYPO3\CMS\Core\Database\DatabaseConnection */
777 $databaseConnection = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Database\DatabaseConnection::class);
778 $databaseConnection->setDatabaseName(
779 $GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['dbname'] ?? ''
780 );
781 $databaseConnection->setDatabaseUsername(
782 $GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['user'] ?? ''
783 );
784 $databaseConnection->setDatabasePassword(
785 $GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['password'] ?? ''
786 );
787
788 $databaseHost = $GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['host'] ?? '';
789 if (isset($GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['port'])) {
790 $databaseConnection->setDatabasePort($GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['port']);
791 } elseif (strpos($databaseHost, ':') > 0) {
792 // @TODO: Find a way to handle this case in the install tool and drop this
793 list($databaseHost, $databasePort) = explode(':', $databaseHost);
794 $databaseConnection->setDatabasePort($databasePort);
795 }
796 if (isset($GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['unix_socket'])) {
797 $databaseConnection->setDatabaseSocket(
798 $GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['unix_socket']
799 );
800 }
801 $databaseConnection->setDatabaseHost($databaseHost);
802
803 $databaseConnection->debugOutput = $GLOBALS['TYPO3_CONF_VARS']['SYS']['sqlDebug'];
804
805 if (isset($GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['persistentConnection'])
806 && $GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['persistentConnection']
807 ) {
808 $databaseConnection->setPersistentDatabaseConnection(true);
809 }
810
811 $isDatabaseHostLocalHost = in_array($databaseHost, ['localhost', '127.0.0.1', '::1'], true);
812 if (isset($GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['driverOptions'])
813 && $GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['driverOptions'] & MYSQLI_CLIENT_COMPRESS
814 && !$isDatabaseHostLocalHost
815 ) {
816 $databaseConnection->setConnectionCompression(true);
817 }
818
819 if (!empty($GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['initCommands'])) {
820 $commandsAfterConnect = GeneralUtility::trimExplode(
821 LF,
822 str_replace(
823 '\' . LF . \'',
824 LF,
825 $GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default']['initCommands']
826 ),
827 true
828 );
829 $databaseConnection->setInitializeCommandsAfterConnect($commandsAfterConnect);
830 }
831
832 $GLOBALS['TYPO3_DB'] = $databaseConnection;
833 // $GLOBALS['TYPO3_DB'] needs to be defined first in order to work for DBAL
834 $GLOBALS['TYPO3_DB']->initialize();
835
836 return $this;
837 }
838
839 /**
840 * Check adminOnly configuration variable and redirects
841 * to an URL in file typo3conf/LOCK_BACKEND or exit the script
842 *
843 * @throws \RuntimeException
844 * @param bool $forceProceeding if this option is set, the bootstrap will proceed even if the user is logged in (usually only needed for special AJAX cases, see AjaxRequestHandler)
845 * @return Bootstrap
846 * @internal This is not a public API method, do not use in own extensions
847 */
848 public function checkLockedBackendAndRedirectOrDie($forceProceeding = false)
849 {
850 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
851 throw new \RuntimeException('TYPO3 Backend locked: Backend and Install Tool are locked for maintenance. [BE][adminOnly] is set to "' . (int)$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] . '".', 1294586847);
852 }
853 if (@is_file(PATH_typo3conf . 'LOCK_BACKEND') && $forceProceeding === false) {
854 $fileContent = file_get_contents(PATH_typo3conf . 'LOCK_BACKEND');
855 if ($fileContent) {
856 header('Location: ' . $fileContent);
857 } else {
858 throw new \RuntimeException('TYPO3 Backend locked: Browser backend is locked for maintenance. Remove lock by removing the file "typo3conf/LOCK_BACKEND" or use CLI-scripts.', 1294586848);
859 }
860 die;
861 }
862 return $this;
863 }
864
865 /**
866 * Compare client IP with IPmaskList and exit the script run
867 * if the client is not allowed to access the backend
868 *
869 * @return Bootstrap
870 * @internal This is not a public API method, do not use in own extensions
871 * @throws \RuntimeException
872 */
873 public function checkBackendIpOrDie()
874 {
875 if (trim($GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {
876 if (!GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {
877 throw new \RuntimeException('TYPO3 Backend access denied: The IP address of your client does not match the list of allowed IP addresses.', 1389265900);
878 }
879 }
880 return $this;
881 }
882
883 /**
884 * Check lockSSL configuration variable and redirect
885 * to https version of the backend if needed
886 *
887 * @return Bootstrap
888 * @internal This is not a public API method, do not use in own extensions
889 * @throws \RuntimeException
890 */
891 public function checkSslBackendAndRedirectIfNeeded()
892 {
893 if ((bool)$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] && !GeneralUtility::getIndpEnv('TYPO3_SSL')) {
894 if ((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSLPort']) {
895 $sslPortSuffix = ':' . (int)$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSLPort'];
896 } else {
897 $sslPortSuffix = '';
898 }
899 list(, $url) = explode('://', GeneralUtility::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir, 2);
900 list($server, $address) = explode('/', $url, 2);
901 header('Location: https://' . $server . $sslPortSuffix . '/' . $address);
902 die;
903 }
904 return $this;
905 }
906
907 /**
908 * Load TCA for frontend
909 *
910 * This method is *only* executed in frontend scope. The idea is to execute the
911 * whole TCA and ext_tables (which manipulate TCA) on first frontend access,
912 * and then cache the full TCA on disk to be used for the next run again.
913 *
914 * This way, ext_tables.php ist not executed every time, but $GLOBALS['TCA']
915 * is still always there.
916 *
917 * @return Bootstrap
918 * @internal This is not a public API method, do not use in own extensions
919 */
920 public function loadCachedTca()
921 {
922 $cacheIdentifier = 'tca_fe_' . sha1((TYPO3_version . PATH_site . 'tca_fe'));
923 /** @var $codeCache \TYPO3\CMS\Core\Cache\Frontend\PhpFrontend */
924 $codeCache = $this->getEarlyInstance(\TYPO3\CMS\Core\Cache\CacheManager::class)->getCache('cache_core');
925 if ($codeCache->has($cacheIdentifier)) {
926 // substr is necessary, because the php frontend wraps php code around the cache value
927 $GLOBALS['TCA'] = unserialize(substr($codeCache->get($cacheIdentifier), 6, -2));
928 } else {
929 $this->loadExtensionTables();
930 $codeCache->set($cacheIdentifier, serialize($GLOBALS['TCA']));
931 }
932 return $this;
933 }
934
935 /**
936 * Load ext_tables and friends.
937 *
938 * This will mainly set up $TCA and several other global arrays
939 * through API's like extMgm.
940 * Executes ext_tables.php files of loaded extensions or the
941 * according cache file if exists.
942 *
943 * @param bool $allowCaching True, if reading compiled ext_tables file from cache is allowed
944 * @return Bootstrap
945 * @internal This is not a public API method, do not use in own extensions
946 */
947 public function loadExtensionTables($allowCaching = true)
948 {
949 ExtensionManagementUtility::loadBaseTca($allowCaching);
950 ExtensionManagementUtility::loadExtTables($allowCaching);
951 $this->runExtTablesPostProcessingHooks();
952 return $this;
953 }
954
955 /**
956 * Check for registered ext tables hooks and run them
957 *
958 * @throws \UnexpectedValueException
959 * @return void
960 */
961 protected function runExtTablesPostProcessingHooks()
962 {
963 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['extTablesInclusion-PostProcessing'])) {
964 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['extTablesInclusion-PostProcessing'] as $classReference) {
965 /** @var $hookObject \TYPO3\CMS\Core\Database\TableConfigurationPostProcessingHookInterface */
966 $hookObject = GeneralUtility::getUserObj($classReference);
967 if (!$hookObject instanceof \TYPO3\CMS\Core\Database\TableConfigurationPostProcessingHookInterface) {
968 throw new \UnexpectedValueException(
969 '$hookObject "' . $classReference . '" must implement interface TYPO3\\CMS\\Core\\Database\\TableConfigurationPostProcessingHookInterface',
970 1320585902
971 );
972 }
973 $hookObject->processData();
974 }
975 }
976 }
977
978 /**
979 * Initialize the Routing for the TYPO3 Backend
980 * Loads all routes registered inside all packages and stores them inside the Router
981 *
982 * @return Bootstrap
983 * @internal This is not a public API method, do not use in own extensions
984 */
985 public function initializeBackendRouter()
986 {
987 // See if the Routes.php from all active packages have been built together already
988 $cacheIdentifier = 'BackendRoutesFromPackages_' . sha1((TYPO3_version . PATH_site . 'BackendRoutesFromPackages'));
989
990 /** @var $codeCache \TYPO3\CMS\Core\Cache\Frontend\PhpFrontend */
991 $codeCache = $this->getEarlyInstance(\TYPO3\CMS\Core\Cache\CacheManager::class)->getCache('cache_core');
992 $routesFromPackages = [];
993 if ($codeCache->has($cacheIdentifier)) {
994 // substr is necessary, because the php frontend wraps php code around the cache value
995 $routesFromPackages = unserialize(substr($codeCache->get($cacheIdentifier), 6, -2));
996 } else {
997 // Loop over all packages and check for a Configuration/Backend/Routes.php file
998 $packageManager = $this->getEarlyInstance(\TYPO3\CMS\Core\Package\PackageManager::class);
999 $packages = $packageManager->getActivePackages();
1000 foreach ($packages as $package) {
1001 $routesFileNameForPackage = $package->getPackagePath() . 'Configuration/Backend/Routes.php';
1002 if (file_exists($routesFileNameForPackage)) {
1003 $definedRoutesInPackage = require $routesFileNameForPackage;
1004 if (is_array($definedRoutesInPackage)) {
1005 $routesFromPackages = array_merge($routesFromPackages, $definedRoutesInPackage);
1006 }
1007 }
1008 $routesFileNameForPackage = $package->getPackagePath() . 'Configuration/Backend/AjaxRoutes.php';
1009 if (file_exists($routesFileNameForPackage)) {
1010 $definedRoutesInPackage = require $routesFileNameForPackage;
1011 if (is_array($definedRoutesInPackage)) {
1012 foreach ($definedRoutesInPackage as $routeIdentifier => $routeOptions) {
1013 // prefix the route with "ajax_" as "namespace"
1014 $routeOptions['path'] = '/ajax' . $routeOptions['path'];
1015 $routesFromPackages['ajax_' . $routeIdentifier] = $routeOptions;
1016 $routesFromPackages['ajax_' . $routeIdentifier]['ajax'] = true;
1017 }
1018 }
1019 }
1020 }
1021 // Store the data from all packages in the cache
1022 $codeCache->set($cacheIdentifier, serialize($routesFromPackages));
1023 }
1024
1025 // Build Route objects from the data
1026 $router = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Routing\Router::class);
1027 foreach ($routesFromPackages as $name => $options) {
1028 $path = $options['path'];
1029 unset($options['path']);
1030 $route = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Routing\Route::class, $path, $options);
1031 $router->addRoute($name, $route);
1032 }
1033 return $this;
1034 }
1035
1036 /**
1037 * Initialize backend user object in globals
1038 *
1039 * @return Bootstrap
1040 * @internal This is not a public API method, do not use in own extensions
1041 */
1042 public function initializeBackendUser()
1043 {
1044 /** @var $backendUser \TYPO3\CMS\Core\Authentication\BackendUserAuthentication */
1045 $backendUser = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class);
1046 $backendUser->warningEmail = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
1047 $backendUser->lockIP = $GLOBALS['TYPO3_CONF_VARS']['BE']['lockIP'];
1048 $backendUser->sessionTimeout = (int)$GLOBALS['TYPO3_CONF_VARS']['BE']['sessionTimeout'];
1049 if (TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI) {
1050 $backendUser->dontSetCookie = true;
1051 }
1052 // The global must be available very early, because methods below
1053 // might trigger code which relies on it. See: #45625
1054 $GLOBALS['BE_USER'] = $backendUser;
1055 $backendUser->start();
1056 return $this;
1057 }
1058
1059 /**
1060 * Initializes and ensures authenticated access
1061 *
1062 * @internal This is not a public API method, do not use in own extensions
1063 * @param bool $proceedIfNoUserIsLoggedIn if set to TRUE, no forced redirect to the login page will be done
1064 * @return \TYPO3\CMS\Core\Core\Bootstrap
1065 */
1066 public function initializeBackendAuthentication($proceedIfNoUserIsLoggedIn = false)
1067 {
1068 $GLOBALS['BE_USER']->backendCheckLogin($proceedIfNoUserIsLoggedIn);
1069 return $this;
1070 }
1071
1072 /**
1073 * Initialize language object
1074 *
1075 * @return Bootstrap
1076 * @internal This is not a public API method, do not use in own extensions
1077 */
1078 public function initializeLanguageObject()
1079 {
1080 /** @var $GLOBALS['LANG'] \TYPO3\CMS\Lang\LanguageService */
1081 $GLOBALS['LANG'] = GeneralUtility::makeInstance(\TYPO3\CMS\Lang\LanguageService::class);
1082 $GLOBALS['LANG']->init($GLOBALS['BE_USER']->uc['lang']);
1083 return $this;
1084 }
1085
1086 /**
1087 * Throw away all output that may have happened during bootstrapping by weird extensions
1088 *
1089 * @return Bootstrap
1090 * @internal This is not a public API method, do not use in own extensions
1091 */
1092 public function endOutputBufferingAndCleanPreviousOutput()
1093 {
1094 ob_clean();
1095 return $this;
1096 }
1097
1098 /**
1099 * Initialize output compression if configured
1100 *
1101 * @return Bootstrap
1102 * @internal This is not a public API method, do not use in own extensions
1103 */
1104 public function initializeOutputCompression()
1105 {
1106 if (extension_loaded('zlib') && $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel']) {
1107 if (MathUtility::canBeInterpretedAsInteger($GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'])) {
1108 @ini_set('zlib.output_compression_level', $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel']);
1109 }
1110 ob_start('ob_gzhandler');
1111 }
1112 return $this;
1113 }
1114
1115 /**
1116 * Send HTTP headers if configured
1117 *
1118 * @return Bootstrap
1119 * @internal This is not a public API method, do not use in own extensions
1120 */
1121 public function sendHttpHeaders()
1122 {
1123 if (!empty($GLOBALS['TYPO3_CONF_VARS']['BE']['HTTP']['Response']['Headers']) && is_array($GLOBALS['TYPO3_CONF_VARS']['BE']['HTTP']['Response']['Headers'])) {
1124 foreach ($GLOBALS['TYPO3_CONF_VARS']['BE']['HTTP']['Response']['Headers'] as $header) {
1125 header($header);
1126 }
1127 }
1128 return $this;
1129 }
1130
1131 /**
1132 * Things that should be performed to shut down the framework.
1133 * This method is called in all important scripts for a clean
1134 * shut down of the system.
1135 *
1136 * @return Bootstrap
1137 * @internal This is not a public API method, do not use in own extensions
1138 */
1139 public function shutdown()
1140 {
1141 $this->sendResponse();
1142 return $this;
1143 }
1144
1145 /**
1146 * Provides an instance of "template" for backend-modules to
1147 * work with.
1148 *
1149 * @return Bootstrap
1150 * @internal This is not a public API method, do not use in own extensions
1151 */
1152 public function initializeBackendTemplate()
1153 {
1154 $GLOBALS['TBE_TEMPLATE'] = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Template\DocumentTemplate::class);
1155 return $this;
1156 }
1157 }