2 declare(strict_types
= 1);
3 namespace TYPO3\CMS\Frontend\Middleware
;
6 * This file is part of the TYPO3 CMS project.
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
15 * The TYPO3 project - inspiring people to share!
18 use Psr\Http\Message\ResponseInterface
;
19 use Psr\Http\Message\ServerRequestInterface
;
20 use Psr\Http\Server\MiddlewareInterface
;
21 use Psr\Http\Server\RequestHandlerInterface
;
22 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication
;
23 use TYPO3\CMS\Core\Context\Context
;
24 use TYPO3\CMS\Core\Context\UserAspect
;
25 use TYPO3\CMS\Core\Context\WorkspaceAspect
;
26 use TYPO3\CMS\Core\Database\ConnectionPool
;
27 use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction
;
28 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendWorkspaceRestriction
;
29 use TYPO3\CMS\Core\Routing\PageArguments
;
30 use TYPO3\CMS\Core\Routing\RouteNotFoundException
;
31 use TYPO3\CMS\Core\Routing\SiteRouteResult
;
32 use TYPO3\CMS\Core\Site\Entity\Site
;
33 use TYPO3\CMS\Core\Site\Entity\SiteInterface
;
34 use TYPO3\CMS\Core\Site\Entity\SiteLanguage
;
35 use TYPO3\CMS\Core\Type\Bitmask\Permission
;
36 use TYPO3\CMS\Core\Utility\GeneralUtility
;
37 use TYPO3\CMS\Core\Utility\MathUtility
;
38 use TYPO3\CMS\Frontend\Controller\ErrorController
;
39 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController
;
40 use TYPO3\CMS\Frontend\Page\PageAccessFailureReasons
;
43 * Process the ID, type and other parameters.
44 * After this point we have an array, TSFE->page, which is the page-record of the current page, $TSFE->id.
46 * Now, if there is a backend user logged in and he has NO access to this page,
47 * then re-evaluate the id shown!
49 class PageResolver
implements MiddlewareInterface
52 * @var TypoScriptFrontendController
54 protected $controller;
56 public function __construct(TypoScriptFrontendController
$controller = null)
58 $this->controller
= $controller ??
$GLOBALS['TSFE'];
64 * @param ServerRequestInterface $request
65 * @param RequestHandlerInterface $handler
66 * @return ResponseInterface
68 public function process(ServerRequestInterface
$request, RequestHandlerInterface
$handler): ResponseInterface
70 // First, resolve the root page of the site, the Page ID of the current domain
71 if (($site = $request->getAttribute('site', null)) instanceof SiteInterface
) {
72 $this->controller
->domainStartPage
= $site->getRootPageId();
74 $language = $request->getAttribute('language', null);
76 $hasSiteConfiguration = $language instanceof SiteLanguage
&& $site instanceof Site
;
78 // Resolve the page ID based on TYPO3's native routing functionality
79 if ($hasSiteConfiguration) {
80 /** @var SiteRouteResult $previousResult */
81 $previousResult = $request->getAttribute('routing', null);
82 if (!$previousResult) {
83 return GeneralUtility
::makeInstance(ErrorController
::class)->pageNotFoundAction(
85 'The requested page does not exist',
86 ['code' => PageAccessFailureReasons
::PAGE_NOT_FOUND
]
90 $requestId = (string)($request->getQueryParams()['id'] ??
'');
91 if (!empty($requestId) && !empty($page = $this->resolvePageId($requestId))) {
92 // Legacy URIs (?id=12345) takes precedence, not matter if a route is given
93 $pageArguments = new PageArguments(
94 (int)($page['l10n_parent'] ?
: $page['uid']),
95 (string)($request->getQueryParams()['type'] ??
'0'),
98 $request->getQueryParams()
101 // Check for the route
103 $pageArguments = $site->getRouter()->matchRequest($request, $previousResult);
104 } catch (RouteNotFoundException
$e) {
105 return GeneralUtility
::makeInstance(ErrorController
::class)->pageNotFoundAction(
107 'The requested page does not exist',
108 ['code' => PageAccessFailureReasons
::PAGE_NOT_FOUND
]
112 if (!$pageArguments->getPageId()) {
113 return GeneralUtility
::makeInstance(ErrorController
::class)->pageNotFoundAction(
115 'The requested page does not exist',
116 ['code' => PageAccessFailureReasons
::PAGE_NOT_FOUND
]
120 $this->controller
->id
= $pageArguments->getPageId();
121 $this->controller
->type
= $pageArguments->getPageType() ??
$this->controller
->type
;
122 $request = $request->withAttribute('routing', $pageArguments);
123 // stop in case arguments are dirty (=defined twice in route and GET query parameters)
124 if ($pageArguments->areDirty()) {
125 return GeneralUtility
::makeInstance(ErrorController
::class)->pageNotFoundAction(
127 'The requested URL is not distinct',
128 ['code' => PageAccessFailureReasons
::PAGE_NOT_FOUND
]
132 // merge the PageArguments with the request query parameters
133 $queryParams = array_replace_recursive($request->getQueryParams(), $pageArguments->getArguments());
134 $request = $request->withQueryParams($queryParams);
135 $this->controller
->setPageArguments($pageArguments);
137 // At this point, we later get further route modifiers
138 // for bw-compat we update $GLOBALS[TYPO3_REQUEST] to be used later in TSFE.
139 $GLOBALS['TYPO3_REQUEST'] = $request;
141 // old-school page resolving for realurl, cooluri etc.
142 $this->controller
->siteScript
= $request->getAttribute('normalizedParams')->getSiteScript();
145 $this->controller
->determineId();
147 // No access? Then remove user & Re-evaluate the page-id
148 if ($this->controller
->isBackendUserLoggedIn() && !$GLOBALS['BE_USER']->doesUserHaveAccess($this->controller
->page
, Permission
::PAGE_SHOW
)) {
149 unset($GLOBALS['BE_USER']);
150 // Register an empty backend user as aspect
151 $this->setBackendUserAspect(GeneralUtility
::makeInstance(Context
::class), null);
152 $this->controller
->determineId();
155 return $handler->handle($request);
159 * @param string $pageId
162 protected function resolvePageId(string $pageId): ?
array
164 $queryBuilder = GeneralUtility
::makeInstance(ConnectionPool
::class)
165 ->getQueryBuilderForTable('pages');
169 ->add(GeneralUtility
::makeInstance(DeletedRestriction
::class))
170 ->add(GeneralUtility
::makeInstance(FrontendWorkspaceRestriction
::class));
172 if (MathUtility
::canBeInterpretedAsInteger($pageId)) {
173 $constraint = $queryBuilder->expr()->eq(
175 $queryBuilder->createNamedParameter($pageId, \PDO
::PARAM_INT
)
178 $constraint = $queryBuilder->expr()->eq(
180 $queryBuilder->createNamedParameter($pageId, \PDO
::PARAM_STR
)
184 $statement = $queryBuilder
185 ->select('uid', 'l10n_parent', 'pid')
190 $page = $statement->fetch();
198 * Register the backend user as aspect
200 * @param Context $context
201 * @param BackendUserAuthentication $user
203 protected function setBackendUserAspect(Context
$context, BackendUserAuthentication
$user = null)
205 $context->setAspect('backend.user', GeneralUtility
::makeInstance(UserAspect
::class, $user));
206 $context->setAspect('workspace', GeneralUtility
::makeInstance(WorkspaceAspect
::class, $user ?
$user->workspace
: 0));