bd48da61dc81a809255927d3633342e9c93794a3
[Packages/TYPO3.CMS.git] / typo3 / sysext / frontend / Classes / Middleware / PageResolver.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Frontend\Middleware;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use Psr\Http\Message\ResponseInterface;
19 use Psr\Http\Message\ServerRequestInterface;
20 use Psr\Http\Server\MiddlewareInterface;
21 use Psr\Http\Server\RequestHandlerInterface;
22 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
23 use TYPO3\CMS\Core\Context\Context;
24 use TYPO3\CMS\Core\Context\UserAspect;
25 use TYPO3\CMS\Core\Context\WorkspaceAspect;
26 use TYPO3\CMS\Core\Database\ConnectionPool;
27 use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
28 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendWorkspaceRestriction;
29 use TYPO3\CMS\Core\Routing\PageArguments;
30 use TYPO3\CMS\Core\Routing\RouteResult;
31 use TYPO3\CMS\Core\Site\Entity\Site;
32 use TYPO3\CMS\Core\Site\Entity\SiteInterface;
33 use TYPO3\CMS\Core\Site\Entity\SiteLanguage;
34 use TYPO3\CMS\Core\Type\Bitmask\Permission;
35 use TYPO3\CMS\Core\Utility\GeneralUtility;
36 use TYPO3\CMS\Core\Utility\MathUtility;
37 use TYPO3\CMS\Frontend\Controller\ErrorController;
38 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
39 use TYPO3\CMS\Frontend\Page\PageAccessFailureReasons;
40
41 /**
42 * Process the ID, type and other parameters.
43 * After this point we have an array, TSFE->page, which is the page-record of the current page, $TSFE->id.
44 *
45 * Now, if there is a backend user logged in and he has NO access to this page,
46 * then re-evaluate the id shown!
47 */
48 class PageResolver implements MiddlewareInterface
49 {
50 /**
51 * @var TypoScriptFrontendController
52 */
53 protected $controller;
54
55 public function __construct(TypoScriptFrontendController $controller = null)
56 {
57 $this->controller = $controller ?? $GLOBALS['TSFE'];
58 }
59
60 /**
61 * Resolve the page ID
62 *
63 * @param ServerRequestInterface $request
64 * @param RequestHandlerInterface $handler
65 * @return ResponseInterface
66 */
67 public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
68 {
69 // First, resolve the root page of the site, the Page ID of the current domain
70 if (($site = $request->getAttribute('site', null)) instanceof SiteInterface) {
71 $this->controller->domainStartPage = $site->getRootPageId();
72 }
73 $language = $request->getAttribute('language', null);
74
75 $hasSiteConfiguration = $language instanceof SiteLanguage && $site instanceof Site;
76
77 // Resolve the page ID based on TYPO3's native routing functionality
78 if ($hasSiteConfiguration) {
79 /** @var RouteResult $previousResult */
80 $previousResult = $request->getAttribute('routing', null);
81 if (!$previousResult) {
82 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
83 $request,
84 'The requested page does not exist',
85 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
86 );
87 }
88
89 $requestId = (string)($request->getQueryParams()['id'] ?? '');
90 if (!empty($requestId) && !empty($page = $this->resolvePageId($requestId))) {
91 // Legacy URIs (?id=12345) takes precedence, not matter if a route is given
92 $routeResult = new PageArguments(
93 (int)($page['l10n_parent'] ?: $page['uid']),
94 [],
95 [],
96 $request->getQueryParams()
97 );
98 } else {
99 // Check for the route
100 $routeResult = $site->getRouter()->matchRequest($request, $previousResult);
101 }
102 if ($routeResult === null || !$routeResult->getPageId()) {
103 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
104 $request,
105 'The requested page does not exist',
106 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
107 );
108 }
109
110 $this->controller->id = $routeResult->getPageId();
111 $request = $request->withAttribute('routing', $routeResult);
112 // stop in case arguments are dirty (=defined twice in route and GET query parameters)
113 if ($routeResult->areDirty()) {
114 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
115 $request,
116 'The requested URL is not distinct',
117 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
118 );
119 }
120 // At this point, we later get further route modifiers
121 // for bw-compat we update $GLOBALS[TYPO3_REQUEST] to be used later in TSFE.
122 $GLOBALS['TYPO3_REQUEST'] = $request;
123 } else {
124 // old-school page resolving for realurl, cooluri etc.
125 $this->controller->siteScript = $request->getAttribute('normalizedParams')->getSiteScript();
126 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'])) {
127 trigger_error('The "checkAlternativeIdMethods-PostProc" hook will be removed in TYPO3 v10.0 in favor of PSR-15. Use a middleware instead.', E_USER_DEPRECATED);
128 $this->checkAlternativeIdMethods($this->controller);
129 }
130 }
131
132 $this->controller->determineId();
133
134 // No access? Then remove user & Re-evaluate the page-id
135 if ($this->controller->isBackendUserLoggedIn() && !$GLOBALS['BE_USER']->doesUserHaveAccess($this->controller->page, Permission::PAGE_SHOW)) {
136 unset($GLOBALS['BE_USER']);
137 // Register an empty backend user as aspect
138 $this->setBackendUserAspect(GeneralUtility::makeInstance(Context::class), null);
139 if (!$hasSiteConfiguration) {
140 $this->checkAlternativeIdMethods($this->controller);
141 }
142 $this->controller->determineId();
143 }
144
145 return $handler->handle($request);
146 }
147
148 /**
149 * Provides ways to bypass the '?id=[xxx]&type=[xx]' format, using either PATH_INFO or Server Rewrites
150 *
151 * Two options:
152 * 1) Use PATH_INFO (also Apache) to extract id and type from that var. Does not require any special modules compiled with apache. (less typical)
153 * 2) Using hook which enables features like those provided from "realurl" extension (AKA "Speaking URLs")
154 *
155 * @param TypoScriptFrontendController $tsfe
156 */
157 protected function checkAlternativeIdMethods(TypoScriptFrontendController $tsfe)
158 {
159 // Call post processing function for custom URL methods.
160 $_params = ['pObj' => &$tsfe];
161 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'] ?? [] as $_funcRef) {
162 GeneralUtility::callUserFunction($_funcRef, $_params, $tsfe);
163 }
164 }
165
166 /**
167 * @param string $pageId
168 * @return array|null
169 */
170 protected function resolvePageId(string $pageId): ?array
171 {
172 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
173 ->getQueryBuilderForTable('pages');
174 $queryBuilder
175 ->getRestrictions()
176 ->removeAll()
177 ->add(GeneralUtility::makeInstance(DeletedRestriction::class))
178 ->add(GeneralUtility::makeInstance(FrontendWorkspaceRestriction::class));
179
180 if (MathUtility::canBeInterpretedAsInteger($pageId)) {
181 $constraint = $queryBuilder->expr()->eq(
182 'uid',
183 $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
184 );
185 } else {
186 $constraint = $queryBuilder->expr()->eq(
187 'alias',
188 $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_STR)
189 );
190 }
191
192 $statement = $queryBuilder
193 ->select('uid', 'l10n_parent', 'pid')
194 ->from('pages')
195 ->where($constraint)
196 ->execute();
197
198 $page = $statement->fetch();
199 if (empty($page)) {
200 return null;
201 }
202 return $page;
203 }
204
205 /**
206 * Register the backend user as aspect
207 *
208 * @param Context $context
209 * @param BackendUserAuthentication $user
210 */
211 protected function setBackendUserAspect(Context $context, BackendUserAuthentication $user = null)
212 {
213 $context->setAspect('backend.user', GeneralUtility::makeInstance(UserAspect::class, $user));
214 $context->setAspect('workspace', GeneralUtility::makeInstance(WorkspaceAspect::class, $user ? $user->workspace : 0));
215 }
216 }