typo3/sysext/frontend/Classes/Middleware/EidHandler.php

   1 <?php
   2 declare(strict_types = 1);
   3 namespace TYPO3\CMS\Frontend\Middleware;
   4
   5 /*
   6  * This file is part of the TYPO3 CMS project.
   7  *
   8  * It is free software; you can redistribute it and/or modify it under
   9  * the terms of the GNU General Public License, either version 2
  10  * of the License, or any later version.
  11  *
  12  * For the full copyright and license information, please read the
  13  * LICENSE.txt file that was distributed with this source code.
  14  *
  15  * The TYPO3 project - inspiring people to share!
  16  */
  17
  18 use Psr\Http\Message\ResponseInterface;
  19 use Psr\Http\Message\ServerRequestInterface;
  20 use Psr\Http\Server\MiddlewareInterface;
  21 use Psr\Http\Server\RequestHandlerInterface;
  22 use TYPO3\CMS\Core\Exception;
  23 use TYPO3\CMS\Core\Http\Dispatcher;
  24 use TYPO3\CMS\Core\Http\NullResponse;
  25 use TYPO3\CMS\Core\Http\Response;
  26 use TYPO3\CMS\Core\Utility\GeneralUtility;
  27
  28 /**
  29  * Lightweight alternative to regular frontend requests; used when $_GET[eID] is set.
  30  * In the future, logic from the EidUtility will be moved to this class.
  31  */
  32 class EidHandler implements MiddlewareInterface
  33 {
  34     /**
  35      * Dispatches the request to the corresponding eID class or eID script
  36      *
  37      * @param ServerRequestInterface $request
  38      * @return ResponseInterface
  39      * @throws Exception
  40      */
  41     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
  42     {
  43         $eID = $request->getParsedBody()['eID'] ?? $request->getQueryParams()['eID'] ?? null;
  44
  45         if ($eID === null) {
  46             return $handler->handle($request);
  47         }
  48
  49         // Remove any output produced until now
  50         ob_clean();
  51
  52         /** @var Response $response */
  53         $response = GeneralUtility::makeInstance(Response::class);
  54
  55         if (empty($eID) || !isset($GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include'][$eID])) {
  56             return $response->withStatus(404, 'eID not registered');
  57         }
  58
  59         $configuration = $GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include'][$eID];
  60
  61         // Simple check to make sure that it's not an absolute file (to use the fallback)
  62         if (strpos($configuration, '::') !== false || is_callable($configuration)) {
  63             /** @var Dispatcher $dispatcher */
  64             $dispatcher = GeneralUtility::makeInstance(Dispatcher::class);
  65             $request = $request->withAttribute('target', $configuration);
  66             return $dispatcher->dispatch($request, $response) ?? new NullResponse();
  67         }
  68
  69         $scriptPath = GeneralUtility::getFileAbsFileName($configuration);
  70         if ($scriptPath === '') {
  71             throw new Exception('Registered eID has invalid script path.', 1518042216);
  72         }
  73         include $scriptPath;
  74         return new NullResponse();
  75     }
  76 }