[TASK] Protect bootstrap methods
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Core / CliBootstrap.php
1 <?php
2 namespace TYPO3\CMS\Core\Core;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2012 Christian Kuhn <lolli@schwarzbu.ch>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29 /**
30 * This class encapsulates cli specific bootstrap methods.
31 *
32 * This script is internal code and subject to change.
33 * DO NOT use it in your own code, or be prepared for your code to
34 * break in future core versions.
35 *
36 * @author Christian Kuhn <lolli@schwarzbu.ch>
37 */
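class CliBootstrap {

	/**
	 * Check the script is called from a cli environment.
	 *
	 * The 'cli' SAPI is accepted as is. A SAPI whose name starts with 'cgi'
	 * is handed to initializeCgiCompatibilityLayerOrDie(), which refuses to
	 * continue when HTTP request variables are present. Any other SAPI
	 * terminates the process with a non-zero exit status.
	 *
	 * @return void
	 * @internal This is not a public API method, do not use in own extensions
	 */
	static public function checkEnvironmentOrDie() {
		$sapiName = php_sapi_name();
		if (substr($sapiName, 0, 3) === 'cgi') {
			self::initializeCgiCompatibilityLayerOrDie();
		} elseif ($sapiName !== 'cli') {
			// STDERR may not be defined for this SAPI, so the message goes to the regular output.
			echo 'Not called from a command line interface (e.g. a shell or scheduler).' . chr(10);
			// Non-zero status, so that a calling wrapper or scheduler can detect the refusal.
			exit(1);
		}
	}

	/**
	 * Check and define cli parameters.
	 * First argument is a key that points to the script configuration.
	 * If it is not set or not valid, the script exits with an error message.
	 *
	 * The key only selects an entry from the registered 'cliKeys' configuration.
	 * The script path stored in TYPO3_cliInclude is read from that entry and
	 * never from the command line itself, so the argument must stay restricted
	 * to registered keys.
	 *
	 * @return void
	 * @internal This is not a public API method, do not use in own extensions
	 */
	static public function initializeCliKeyOrDie() {
		$requestedKey = isset($_SERVER['argv'][1]) ? $_SERVER['argv'][1] : NULL;

		// A missing or malformed registry is treated as "no keys registered" instead of raising notices.
		$registeredKeys = array();
		if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['cliKeys'])
			&& is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['cliKeys'])
		) {
			$registeredKeys = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['cliKeys'];
		}

		// isset() before is_array(): an unknown key must not trigger an undefined index notice.
		$isRegistered = is_string($requestedKey)
			&& isset($registeredKeys[$requestedKey])
			&& is_array($registeredKeys[$requestedKey]);

		if (!$isRegistered) {
			if ($requestedKey === NULL) {
				$message = 'This script must have a \'cliKey\' as first argument.';
			} else {
				$message = 'The supplied \'cliKey\' is not valid.';
			}
			$message .= " Valid keys are:\n\n";
			$validKeys = array_keys($registeredKeys);
			sort($validKeys);
			foreach ($validKeys as $validKey) {
				$message .= ' ' . $validKey . LF;
			}
			fwrite(STDERR, $message . LF);
			exit(1);
		}

		define('TYPO3_cliKey', $requestedKey);
		// NOTE(review): the return value of getFileAbsFileName() is used unchecked here; whether it can
		// be empty for a misconfigured entry is not visible in this file - confirm before including it.
		define('TYPO3_cliInclude', \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName($registeredKeys[TYPO3_cliKey][0]));
		$GLOBALS['MCONF']['name'] = $registeredKeys[TYPO3_cliKey][1];
		// This is a compatibility layer: Some cli scripts rely on this, like ext:phpunit cli
		// The cliKey is removed from argv, the script path stays at position 0.
		$GLOBALS['temp_cliScriptPath'] = array_shift($_SERVER['argv']);
		$GLOBALS['temp_cliKey'] = array_shift($_SERVER['argv']);
		array_unshift($_SERVER['argv'], $GLOBALS['temp_cliScriptPath']);
	}

	/**
	 * Set up cgi sapi as de facto cli, but check no HTTP
	 * environment variables are set.
	 *
	 * The check looks only at the presence of well-known request variables in
	 * $_SERVER. It is a sanity check and does not replace keeping cli entry
	 * scripts out of reach of the web server.
	 *
	 * @return void
	 */
	static protected function initializeCgiCompatibilityLayerOrDie() {
		// Sanity check: Ensure we're running in a shell or cronjob (and NOT via HTTP)
		$httpIndicators = array('HTTP_USER_AGENT', 'HTTP_HOST', 'SERVER_NAME', 'REMOTE_ADDR', 'REMOTE_PORT', 'SERVER_PROTOCOL');
		foreach ($httpIndicators as $var) {
			if (array_key_exists($var, $_SERVER)) {
				// $var comes from the fixed list above, never from the request, so it is safe to print.
				echo 'SECURITY CHECK FAILED! This script cannot be used within your browser!' . chr(10);
				echo 'If you are sure that we run in a shell or cronjob, please unset' . chr(10);
				echo 'environment variable ' . $var . ' (usually using \'unset ' . $var . '\')' . chr(10);
				echo 'before starting this script.' . chr(10);
				// A failed security check must not report success to the caller.
				exit(1);
			}
		}
		// Mimic CLI API in CGI API (you must use the -C/-no-chdir and the -q/--no-header switches!)
		ini_set('html_errors', '0');
		ini_set('implicit_flush', '1');
		ini_set('max_execution_time', '0');
		// The constant name has to be a quoted string: a bare STDIN is an undefined constant where the
		// SAPI does not provide it. Existing definitions are kept, so the streams are never redefined.
		if (!defined('STDIN')) {
			define('STDIN', fopen('php://stdin', 'r'));
		}
		if (!defined('STDOUT')) {
			define('STDOUT', fopen('php://stdout', 'w'));
		}
		if (!defined('STDERR')) {
			define('STDERR', fopen('php://stderr', 'w'));
		}
	}

}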
117
118
119 ?>