[TASK] Streamline Page Argument merge strategies
[Packages/TYPO3.CMS.git] / typo3 / sysext / frontend / Classes / Middleware / PageResolver.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Frontend\Middleware;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use Psr\Http\Message\ResponseInterface;
19 use Psr\Http\Message\ServerRequestInterface;
20 use Psr\Http\Server\MiddlewareInterface;
21 use Psr\Http\Server\RequestHandlerInterface;
22 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
23 use TYPO3\CMS\Core\Context\Context;
24 use TYPO3\CMS\Core\Context\UserAspect;
25 use TYPO3\CMS\Core\Context\WorkspaceAspect;
26 use TYPO3\CMS\Core\Database\ConnectionPool;
27 use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
28 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendWorkspaceRestriction;
29 use TYPO3\CMS\Core\Routing\PageArguments;
30 use TYPO3\CMS\Core\Routing\RouteResult;
31 use TYPO3\CMS\Core\Site\Entity\Site;
32 use TYPO3\CMS\Core\Site\Entity\SiteInterface;
33 use TYPO3\CMS\Core\Site\Entity\SiteLanguage;
34 use TYPO3\CMS\Core\Type\Bitmask\Permission;
35 use TYPO3\CMS\Core\Utility\GeneralUtility;
36 use TYPO3\CMS\Core\Utility\MathUtility;
37 use TYPO3\CMS\Frontend\Controller\ErrorController;
38 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
39 use TYPO3\CMS\Frontend\Page\PageAccessFailureReasons;
40
41 /**
42 * Process the ID, type and other parameters.
43 * After this point we have an array, TSFE->page, which is the page-record of the current page, $TSFE->id.
44 *
45 * Now, if there is a backend user logged in and he has NO access to this page,
46 * then re-evaluate the id shown!
47 */
48 class PageResolver implements MiddlewareInterface
49 {
50 /**
51 * @var TypoScriptFrontendController
52 */
53 protected $controller;
54
55 public function __construct(TypoScriptFrontendController $controller = null)
56 {
57 $this->controller = $controller ?? $GLOBALS['TSFE'];
58 }
59
60 /**
61 * Resolve the page ID
62 *
63 * @param ServerRequestInterface $request
64 * @param RequestHandlerInterface $handler
65 * @return ResponseInterface
66 */
67 public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
68 {
69 // First, resolve the root page of the site, the Page ID of the current domain
70 if (($site = $request->getAttribute('site', null)) instanceof SiteInterface) {
71 $this->controller->domainStartPage = $site->getRootPageId();
72 }
73 $language = $request->getAttribute('language', null);
74
75 $hasSiteConfiguration = $language instanceof SiteLanguage && $site instanceof Site;
76
77 // Resolve the page ID based on TYPO3's native routing functionality
78 if ($hasSiteConfiguration) {
79 /** @var RouteResult $previousResult */
80 $previousResult = $request->getAttribute('routing', null);
81 if (!$previousResult) {
82 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
83 $request,
84 'The requested page does not exist',
85 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
86 );
87 }
88
89 $requestId = (string)($request->getQueryParams()['id'] ?? '');
90 if (!empty($requestId) && !empty($page = $this->resolvePageId($requestId))) {
91 // Legacy URIs (?id=12345) takes precedence, not matter if a route is given
92 $pageArguments = new PageArguments(
93 (int)($page['l10n_parent'] ?: $page['uid']),
94 [],
95 [],
96 $request->getQueryParams()
97 );
98 } else {
99 // Check for the route
100 $pageArguments = $site->getRouter()->matchRequest($request, $previousResult);
101 }
102 if ($pageArguments === null || !$pageArguments->getPageId()) {
103 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
104 $request,
105 'The requested page does not exist',
106 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
107 );
108 }
109
110 $this->controller->id = $pageArguments->getPageId();
111 $this->controller->type = $pageArguments->getArguments()['type'] ?? $this->controller->type;
112 $request = $request->withAttribute('routing', $pageArguments);
113 // stop in case arguments are dirty (=defined twice in route and GET query parameters)
114 if ($pageArguments->areDirty()) {
115 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
116 $request,
117 'The requested URL is not distinct',
118 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
119 );
120 }
121
122 // merge the PageArguments with the request query parameters
123 $queryParams = array_replace_recursive($request->getQueryParams(), $pageArguments->getArguments());
124 $request = $request->withQueryParams($queryParams);
125 $this->controller->setPageArguments($pageArguments);
126
127 // At this point, we later get further route modifiers
128 // for bw-compat we update $GLOBALS[TYPO3_REQUEST] to be used later in TSFE.
129 $GLOBALS['TYPO3_REQUEST'] = $request;
130 } else {
131 // old-school page resolving for realurl, cooluri etc.
132 $this->controller->siteScript = $request->getAttribute('normalizedParams')->getSiteScript();
133 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'])) {
134 trigger_error('The "checkAlternativeIdMethods-PostProc" hook will be removed in TYPO3 v10.0 in favor of PSR-15. Use a middleware instead.', E_USER_DEPRECATED);
135 $this->checkAlternativeIdMethods($this->controller);
136 }
137 }
138
139 $this->controller->determineId();
140
141 // No access? Then remove user & Re-evaluate the page-id
142 if ($this->controller->isBackendUserLoggedIn() && !$GLOBALS['BE_USER']->doesUserHaveAccess($this->controller->page, Permission::PAGE_SHOW)) {
143 unset($GLOBALS['BE_USER']);
144 // Register an empty backend user as aspect
145 $this->setBackendUserAspect(GeneralUtility::makeInstance(Context::class), null);
146 if (!$hasSiteConfiguration) {
147 $this->checkAlternativeIdMethods($this->controller);
148 }
149 $this->controller->determineId();
150 }
151
152 return $handler->handle($request);
153 }
154
155 /**
156 * Provides ways to bypass the '?id=[xxx]&type=[xx]' format, using either PATH_INFO or Server Rewrites
157 *
158 * Two options:
159 * 1) Use PATH_INFO (also Apache) to extract id and type from that var. Does not require any special modules compiled with apache. (less typical)
160 * 2) Using hook which enables features like those provided from "realurl" extension (AKA "Speaking URLs")
161 *
162 * @param TypoScriptFrontendController $tsfe
163 */
164 protected function checkAlternativeIdMethods(TypoScriptFrontendController $tsfe)
165 {
166 // Call post processing function for custom URL methods.
167 $_params = ['pObj' => &$tsfe];
168 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'] ?? [] as $_funcRef) {
169 GeneralUtility::callUserFunction($_funcRef, $_params, $tsfe);
170 }
171 }
172
173 /**
174 * @param string $pageId
175 * @return array|null
176 */
177 protected function resolvePageId(string $pageId): ?array
178 {
179 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
180 ->getQueryBuilderForTable('pages');
181 $queryBuilder
182 ->getRestrictions()
183 ->removeAll()
184 ->add(GeneralUtility::makeInstance(DeletedRestriction::class))
185 ->add(GeneralUtility::makeInstance(FrontendWorkspaceRestriction::class));
186
187 if (MathUtility::canBeInterpretedAsInteger($pageId)) {
188 $constraint = $queryBuilder->expr()->eq(
189 'uid',
190 $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
191 );
192 } else {
193 $constraint = $queryBuilder->expr()->eq(
194 'alias',
195 $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_STR)
196 );
197 }
198
199 $statement = $queryBuilder
200 ->select('uid', 'l10n_parent', 'pid')
201 ->from('pages')
202 ->where($constraint)
203 ->execute();
204
205 $page = $statement->fetch();
206 if (empty($page)) {
207 return null;
208 }
209 return $page;
210 }
211
212 /**
213 * Register the backend user as aspect
214 *
215 * @param Context $context
216 * @param BackendUserAuthentication $user
217 */
218 protected function setBackendUserAspect(Context $context, BackendUserAuthentication $user = null)
219 {
220 $context->setAspect('backend.user', GeneralUtility::makeInstance(UserAspect::class, $user));
221 $context->setAspect('workspace', GeneralUtility::makeInstance(WorkspaceAspect::class, $user ? $user->workspace : 0));
222 }
223 }