[TASK] Require PHP setting register_globals set to Off
[Packages/TYPO3.CMS.git] / typo3 / classes / Bootstrap / BaseSetup.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2012 Christian Kuhn <lolli@schwarzbu.ch>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27
28 /**
29 * Class to encapsulate base setup of bootstrap.
30 *
31 * This class contains all code that must be executed by every
32 * entry script without exceptions.
33 *
34 * It sets up all basic paths, constants, global variables and checks
35 * the basic environment TYPO3 runs in.
36 *
37 * This class does not use any TYPO3 instance specific configuration, it only
38 * sets up things based on the server environment and core code. Even with a
39 * missing typo3conf/localconf.php this script will be successful.
40 *
41 * The script aborts execution with an error message if
42 * some part fails or conditions are not met.
43 */
44 class Typo3_Bootstrap_BaseSetup {
45
46 /**
47 * Run base setup.
48 *
49 * @param string $relativePathPart Relative path of the entry script back to document root
50 * @return void
51 */
52 public static function run($relativePathPart = '') {
53 self::ensureRequiredEnvironment();
54 self::checkGlobalsAreNotSetViaPostOrGet();
55 self::defineBaseConstants();
56 self::definePaths($relativePathPart);
57 self::checkMainPathsExist();
58 self::requireBaseClasses();
59 self::handleMagicQuotesGpc();
60 self::addCorePearPathToIncludePath();
61 self::initializeGlobalVariables();
62 self::loadDefaultConfiguration();
63 self::initializeGlobalTimeTrackingVariables();
64 self::initializeBasicErrorReporting();
65 }
66
67 /**
68 * Check php version requirement or exit script
69 *
70 * @return void
71 */
72 protected static function ensureRequiredEnvironment() {
73 if (version_compare(phpversion(), '5.3', '<')) {
74 die('TYPO3 requires PHP 5.3.0 or higher.');
75 }
76
77 if (self::getPhpIniValueBoolean('register_globals')) {
78 die('TYPO3 requires PHP setting "register_globals" set to Off. (Error: #1345284320)');
79 }
80 }
81
82 /**
83 * Cast a on/off php ini value to boolean
84 *
85 * @param string $configOption
86 * @return boolean TRUE if the given option is enabled, FALSE if disabled
87 * @see t3lib_utility_PhpOptions::getIniValueBoolean
88 */
89 protected static function getPhpIniValueBoolean($configOption) {
90 return filter_var(ini_get($configOption), FILTER_VALIDATE_BOOLEAN, array(FILTER_REQUIRE_SCALAR, FILTER_NULL_ON_FAILURE));
91 }
92
93 /**
94 * Exit script if globals are set via post or get
95 *
96 * @return void
97 */
98 protected static function checkGlobalsAreNotSetViaPostOrGet() {
99 if (isset($_POST['GLOBALS']) || isset($_GET['GLOBALS'])) {
100 die('You cannot set the GLOBALS array from outside the script.');
101 }
102 }
103
104 /**
105 * Define all simple constants that have no dependency to local configuration
106 *
107 * @return void
108 */
109 protected static function defineBaseConstants() {
110 // This version, branch and copyright
111 define('TYPO3_version', '6.0-dev');
112 define('TYPO3_branch', '6.0');
113 define('TYPO3_copyright_year', '1998-2012');
114
115 // TYPO3 external links
116 define('TYPO3_URL_GENERAL', 'http://typo3.org/');
117 define('TYPO3_URL_ORG', 'http://typo3.org/');
118 define('TYPO3_URL_LICENSE', 'http://typo3.org/licenses');
119 define('TYPO3_URL_EXCEPTION', 'http://typo3.org/go/exception/v4/');
120 define('TYPO3_URL_MAILINGLISTS', 'http://lists.typo3.org/cgi-bin/mailman/listinfo');
121 define('TYPO3_URL_DOCUMENTATION', 'http://typo3.org/documentation/');
122 define('TYPO3_URL_DOCUMENTATION_TSREF', 'http://typo3.org/documentation/document-library/core-documentation/doc_core_tsref/current/view/');
123 define('TYPO3_URL_DOCUMENTATION_TSCONFIG', 'http://typo3.org/documentation/document-library/core-documentation/doc_core_tsconfig/current/view/');
124 define('TYPO3_URL_CONSULTANCY', 'http://typo3.org/support/professional-services/');
125 define('TYPO3_URL_CONTRIBUTE', 'http://typo3.org/contribute/');
126 define('TYPO3_URL_SECURITY', 'http://typo3.org/teams/security/');
127 define('TYPO3_URL_DOWNLOAD', 'http://typo3.org/download/');
128 define('TYPO3_URL_SYSTEMREQUIREMENTS', 'http://typo3.org/about/typo3-the-cms/system-requirements/');
129 define('TYPO3_URL_DONATE', 'http://typo3.org/donate/online-donation/');
130
131 // A tabulator, a linefeed, a carriage return, a CR-LF combination
132 define('TAB', chr(9));
133 define('LF', chr(10));
134 define('CR', chr(13));
135 define('CRLF', CR . LF);
136
137 // Security related constant: Default value of fileDenyPattern
138 define('FILE_DENY_PATTERN_DEFAULT', '\.(php[3-6]?|phpsh|phtml)(\..*)?$|^\.htaccess$');
139
140 // Security related constant: List of file extensions that should be registered as php script file extensions
141 define('PHP_EXTENSIONS_DEFAULT', 'php,php3,php4,php5,php6,phpsh,inc,phtml');
142
143 // List of extensions required to run the core
144 define('REQUIRED_EXTENSIONS', 'cms,lang,sv,extensionmanager,recordlist,extbase,fluid');
145
146 // Operating system identifier
147 // Either "WIN" or empty string
148 define('TYPO3_OS', self::getTypo3Os());
149 }
150
151 /**
152 * Calculate all required base paths and set as constants.
153 *
154 * @param string $relativePathPart Relative path of the entry script back to document root
155 * @return void
156 */
157 protected static function definePaths($relativePathPart = '') {
158 // Relative path from document root to typo3/ directory
159 // Hardcoded to "typo3/"
160 define('TYPO3_mainDir', 'typo3/');
161
162 // Absolute path of the entry script that was called
163 // All paths are unified between Windows and Unix, so the \ of Windows is substituted to a /
164 // Example "/var/www/instance-name/htdocs/typo3conf/ext/wec_map/mod1/index.php"
165 // Example "c:/var/www/instance-name/htdocs/typo3/backend.php" for a path in Windows
166 define('PATH_thisScript', self::getPathThisScript());
167
168 // Absolute path of the document root of the instance with trailing slash
169 // Example "/var/www/instance-name/htdocs/"
170 define('PATH_site', self::getPathSite($relativePathPart));
171
172 // Absolute path of the typo3 directory of the instance with trailing slash
173 // Example "/var/www/instance-name/htdocs/typo3/"
174 define('PATH_typo3', PATH_site . TYPO3_mainDir);
175
176 // Relative path (from the PATH_typo3) to a BE module NOT using mod.php dispatcher with trailing slash
177 // Example "sysext/perms/mod/" for an extension installed in typo3/sysext/
178 // Example "install/" for the install tool entry script
179 // Example "../typo3conf/ext/templavoila/mod2/ for an extension installed in typo3conf/ext/
180 define('PATH_typo3_mod', defined('TYPO3_MOD_PATH') ? TYPO3_MOD_PATH : '');
181
182 // Absolute path to the t3lib directory with trailing slash
183 // Example "/var/www/instance-name/htdocs/t3lib/"
184 define('PATH_t3lib', PATH_site . 't3lib/');
185
186 // Absolute path to the typo3conf directory with trailing slash
187 // Example "/var/www/instance-name/htdocs/typo3conf/"
188 define('PATH_typo3conf', PATH_site . 'typo3conf/');
189
190 // Absolute path to the tslib directory with trailing slash
191 // Example "/var/www/instance-name/htdocs/typo3/sysext/cms/tslib/"
192 define('PATH_tslib', PATH_typo3 . 'sysext/cms/tslib/');
193 }
194
195 /**
196 * Check if path and script file name calculation was successful, exit if not.
197 *
198 * @return void
199 */
200 protected static function checkMainPathsExist() {
201 if (!is_file(PATH_thisScript)) {
202 die('Unable to determine path to entry script.');
203 }
204 if (!is_dir(PATH_t3lib)) {
205 die('Calculated absolute path to t3lib directory does not exist.');
206 }
207 if (!is_dir(PATH_tslib)) {
208 die('Calculated absolute path to tslib directory does not exist.');
209 }
210 if (!is_dir(PATH_typo3conf)) {
211 die('Calculated absolute path to typo3conf directory does not exist');
212 }
213 }
214
215 /**
216 * Load several base classes during bootstrap
217 *
218 * @return void
219 */
220 protected static function requireBaseClasses() {
221 /** @define "PATH_t3lib" "../../../t3lib/" */
222 require_once(PATH_t3lib . 'class.t3lib_div.php');
223
224 require_once(PATH_t3lib . 'utility/class.t3lib_utility_array.php');
225 require_once(PATH_t3lib . 'class.t3lib_configuration.php');
226 require_once(PATH_t3lib . 'class.t3lib_extmgm.php');
227
228 require_once(PATH_t3lib . 'class.t3lib_cache.php');
229 require_once(PATH_t3lib . 'cache/class.t3lib_cache_exception.php');
230 require_once(PATH_t3lib . 'cache/exception/class.t3lib_cache_exception_nosuchcache.php');
231 require_once(PATH_t3lib . 'cache/exception/class.t3lib_cache_exception_invaliddata.php');
232 require_once(PATH_t3lib . 'interfaces/interface.t3lib_singleton.php');
233 require_once(PATH_t3lib . 'cache/class.t3lib_cache_factory.php');
234 require_once(PATH_t3lib . 'cache/class.t3lib_cache_manager.php');
235 require_once(PATH_t3lib . 'cache/frontend/interfaces/interface.t3lib_cache_frontend_frontend.php');
236 require_once(PATH_t3lib . 'cache/frontend/class.t3lib_cache_frontend_abstractfrontend.php');
237 require_once(PATH_t3lib . 'cache/frontend/class.t3lib_cache_frontend_stringfrontend.php');
238 require_once(PATH_t3lib . 'cache/frontend/class.t3lib_cache_frontend_phpfrontend.php');
239 require_once(PATH_t3lib . 'cache/backend/interfaces/interface.t3lib_cache_backend_backend.php');
240 require_once(PATH_t3lib . 'cache/backend/interfaces/interface.t3lib_cache_backend_taggablebackend.php');
241 require_once(PATH_t3lib . 'cache/backend/class.t3lib_cache_backend_abstractbackend.php');
242 require_once(PATH_t3lib . 'cache/backend/interfaces/interface.t3lib_cache_backend_phpcapablebackend.php');
243 require_once(PATH_t3lib . 'cache/backend/class.t3lib_cache_backend_simplefilebackend.php');
244 require_once(PATH_t3lib . 'cache/backend/class.t3lib_cache_backend_nullbackend.php');
245 require_once(PATH_t3lib . 'log/class.t3lib_log_level.php');
246
247 require_once(PATH_t3lib . 'class.t3lib_autoloader.php');
248 }
249
250 /**
251 * Compatibility layer for magic quotes
252 *
253 * @return void
254 */
255 protected static function handleMagicQuotesGpc() {
256 if (!get_magic_quotes_gpc()) {
257 t3lib_div::addSlashesOnArray($_GET);
258 t3lib_div::addSlashesOnArray($_POST);
259 $GLOBALS['HTTP_GET_VARS'] = $_GET;
260 $GLOBALS['HTTP_POST_VARS'] = $_POST;
261 }
262 }
263
264 /**
265 * Add typo3/contrib/pear/ as first include folder in
266 * include path, because the shipped PEAR packages use
267 * relative paths to include their files.
268 *
269 * This is required for t3lib_http_Request to work.
270 *
271 * Having the TYPO3 folder first will make sure that the
272 * shipped version is loaded before any local PEAR package,
273 * thus avoiding any incompatibilities with newer or older
274 * versions.
275 *
276 * @return void
277 */
278 protected static function addCorePearPathToIncludePath() {
279 set_include_path(PATH_typo3 . 'contrib/pear/' . PATH_SEPARATOR . get_include_path());
280 }
281
282 /**
283 * Set up / initialize several globals variables
284 *
285 * @return void
286 */
287 protected static function initializeGlobalVariables() {
288 // Unset variable(s) in global scope (security issue #13959)
289 unset($GLOBALS['error']);
290
291 // Set up base information about browser/user-agent
292 $GLOBALS['CLIENT'] = t3lib_div::clientInfo();
293
294 $GLOBALS['TYPO3_MISC'] = array();
295 $GLOBALS['T3_VAR'] = array();
296 $GLOBALS['T3_SERVICES'] = array();
297 }
298
299 /**
300 * Load default TYPO3_CONF_VARS to globals
301 *
302 * @return void
303 */
304 protected static function loadDefaultConfiguration() {
305 $GLOBALS['TYPO3_CONF_VARS'] = t3lib_Configuration::getDefaultConfiguration();
306 }
307
308 /**
309 * Initialize global time tracking variables.
310 * These are helpers to for example output script parsetime at the end of a script.
311 *
312 * @return void
313 */
314 protected static function initializeGlobalTimeTrackingVariables() {
315 // Set PARSETIME_START to the system time in milliseconds.
316 $GLOBALS['PARSETIME_START'] = t3lib_div::milliseconds();
317 // Microtime of (nearly) script start
318 $GLOBALS['TYPO3_MISC']['microtime_start'] = microtime(TRUE);
319
320 // EXEC_TIME is set so that the rest of the script has a common value for the script execution time
321 $GLOBALS['EXEC_TIME'] = time();
322 // $ACCESS_TIME is a common time in minutes for access control
323 $GLOBALS['ACCESS_TIME'] = $GLOBALS['EXEC_TIME'] - ($GLOBALS['EXEC_TIME'] % 60);
324
325 // $SIM_EXEC_TIME is set to $EXEC_TIME but can be altered later in the script if we want to
326 // simulate another execution-time when selecting from eg. a database
327 $GLOBALS['SIM_EXEC_TIME'] = $GLOBALS['EXEC_TIME'];
328 // If $SIM_EXEC_TIME is changed this value must be set accordingly
329 $GLOBALS['SIM_ACCESS_TIME'] = $GLOBALS['ACCESS_TIME'];
330 }
331
332 /**
333 * Initialize basic error reporting.
334 *
335 * There are a lot of extensions that have no strict / notice / deprecated free
336 * ext_localconf or ext_tables. Since the final error reporting must be set up
337 * after those extension files are read, a default configuration is needed to
338 * suppress error reporting meanwhile during further bootstrap.
339 *
340 * @return void
341 */
342 protected static function initializeBasicErrorReporting() {
343 // Core should be notice free at least until this point ...
344 error_reporting(E_ALL & ~(E_STRICT | E_NOTICE | E_DEPRECATED));
345 }
346
347 /**
348 * Determine the operating system TYPO3 is running on.
349 *
350 * @return string Either 'WIN' if running on Windows, else empty string
351 */
352 protected static function getTypo3Os() {
353 $typoOs = '';
354 if (!stristr(PHP_OS, 'darwin') && stristr(PHP_OS, 'win')) {
355 $typoOs = 'WIN';
356 }
357 return $typoOs;
358 }
359
360 /**
361 * Calculate PATH_thisScript
362 *
363 * First step in path calculation: Goal is to find the absolute path of the entry script
364 * that was called without resolving any links. This is important since the TYPO3 entry
365 * points are often linked to a central core location, so we can not use the php magic
366 * __FILE__ here, but resolve the called script path from given server environments.
367 *
368 * This path is important to calculate the document root (PATH_site). The strategy is to
369 * find out the script name that was called in the first place and to subtract the local
370 * part from it to find the document root.
371 *
372 * @return string Absolute path to entry script
373 */
374 protected static function getPathThisScript() {
375 if (defined('TYPO3_cliMode') && TYPO3_cliMode === TRUE) {
376 return self::getPathThisScriptCli();
377 } else {
378 return self::getPathThisScriptNonCli();
379 }
380 }
381
382 /**
383 * Calculate path to entry script if not in cli mode.
384 *
385 * Depending on the environment, the script path is found in different $_SERVER variables.
386 *
387 * @return string Absolute path to entry script
388 */
389 protected static function getPathThisScriptNonCli() {
390 $cgiPath = '';
391 if (isset($_SERVER['ORIG_PATH_TRANSLATED'])) {
392 $cgiPath = $_SERVER['ORIG_PATH_TRANSLATED'];
393 } elseif (isset($_SERVER['PATH_TRANSLATED'])) {
394 $cgiPath = $_SERVER['PATH_TRANSLATED'];
395 }
396 if ($cgiPath && (PHP_SAPI === 'fpm-fcgi' || PHP_SAPI === 'cgi' || PHP_SAPI === 'isapi' || PHP_SAPI === 'cgi-fcgi')) {
397 $scriptPath = $cgiPath;
398 } else {
399 if (isset($_SERVER['ORIG_SCRIPT_FILENAME'])) {
400 $scriptPath = $_SERVER['ORIG_SCRIPT_FILENAME'];
401 } else {
402 $scriptPath = $_SERVER['SCRIPT_FILENAME'];
403 }
404 }
405 // Replace \ to / for Windows
406 $scriptPath = str_replace('\\', '/', $scriptPath);
407 // Replace double // to /
408 $scriptPath = str_replace('//', '/', $scriptPath);
409
410 return $scriptPath;
411 }
412
413 /**
414 * Calculate path to entry script if in cli mode.
415 *
416 * First argument of a cli script is the path to the script that was called. If the script does not start
417 * with / (or A:\ for Windows), the path is not absolute yet, and the current working directory is added.
418 *
419 * @return string Absolute path to entry script
420 */
421 protected static function getPathThisScriptCli() {
422 // Possible relative path of the called script
423 if (isset($_SERVER['argv'][0])) {
424 $scriptPath = $_SERVER['argv'][0];
425 } elseif (isset($_ENV['_'])) {
426 $scriptPath = $_ENV['_'];
427 } else {
428 $scriptPath = $_SERVER['_'];
429 }
430
431 // Find out if path is relative or not
432 $isRelativePath = FALSE;
433 if (TYPO3_OS === 'WIN') {
434 if (!preg_match('/^([A-Z]:)?\\\/', $scriptPath)) {
435 $isRelativePath = TRUE;
436 }
437 } else {
438 if (substr($scriptPath, 0, 1) !== '/') {
439 $isRelativePath = TRUE;
440 }
441 }
442
443 // Concatenate path to current working directory with relative path and remove "/./" constructs
444 if ($isRelativePath) {
445 if (isset($_SERVER['PWD'])) {
446 $workingDirectory = $_SERVER['PWD'];
447 } else {
448 $workingDirectory = getcwd();
449 }
450 $scriptPath = $workingDirectory . '/' . preg_replace('/\.\//', '', $scriptPath);
451 }
452
453 return $scriptPath;
454 }
455
456 /**
457 * Calculate the document root part to the instance from PATH_thisScript
458 *
459 * There are two ways to hint correct calculation:
460 * Either an explicit specified sub path or the defined constant TYPO3_MOD_PATH. Which one is
461 * used depends on which entry script was called in the first place.
462 *
463 * We have two main scenarios for entry points:
464 * - Directly called documentRoot/index.php (-> FE call or eiD include): index.php sets $relativePathPart to
465 * empty string to hint this code that the document root is identical to the directory the script is located at.
466 * - An indirect include of typo3/init.php (-> a backend module, the install tool, or scripts like thumbs.php).
467 * If init.php is included we distinguish two cases:
468 * -- A backend module defines 'TYPO3_MOD_PATH': This is the case for "old" modules that are not called through
469 * "mod.php" dispatcher, and in the install tool. The TYPO3_MOD_PATH defines the relative path to the typo3/
470 * directory. This is taken as base to calculate the document root.
471 * -- A script includes init.php and does not define 'TYPO3_MOD_PATH': This is the case for the mod.php dispatcher
472 * and other entry scripts like 'cli_dispatch.phpsh' or 'thumbs.php' that are located parallel to init.php. In
473 * this case init.php sets 'typo3/' as $relativePathPart as base to calculate the document root.
474 *
475 * This basically boils down to the following code:
476 * If TYPO3_MOD_PATH is defined, subtract this 'local' part from the entry point directory, else use
477 * $relativePathPart to subtract this from the the script entry point to find out the document root.
478 *
479 * @param string $relativePathPart Relative directory part from document root to script path if TYPO3_MOD_PATH is not used
480 * @return string Absolute path to document root of installation
481 */
482 protected static function getPathSite($relativePathPart) {
483 // If end of path is not "typo3/" and TYPO3_MOD_PATH is given
484 if (defined('TYPO3_MOD_PATH')) {
485 return self::getPathSiteByTypo3ModulePath();
486 } else {
487 return self::getPathSiteByRelativePathPart($relativePathPart);
488 }
489 }
490
491 /**
492 * Calculate document root by TYPO3_MOD_PATH
493 *
494 * TYPO3_MOD_PATH can have the following values:
495 * - "sysext/extensionName/path/entryScript.php" -> extension is below 'docRoot'/typo3/sysext
496 * - "ext/extensionName/path/entryScript.php" -> extension is below 'docRoot'/typo3/ext
497 * - "../typo3conf/ext/extensionName/path/entryScript.php" -> extension is below 'docRoot'/typo3conf/ext
498 *- "install/index.php" -> install tool in 'docRoot'/typo3/install/
499 *
500 * The method unifies the above and subtracts the calculated path part from PATH_thisScript
501 *
502 * @return string Absolute path to document root of installation
503 */
504 protected static function getPathSiteByTypo3ModulePath() {
505 if (
506 substr(TYPO3_MOD_PATH, 0, strlen('sysext/')) === 'sysext/'
507 || substr(TYPO3_MOD_PATH, 0, strlen('ext/')) === 'ext/'
508 || substr(TYPO3_MOD_PATH, 0, strlen('install/')) === 'install/'
509 ) {
510 $pathPartRelativeToDocumentRoot = TYPO3_mainDir . TYPO3_MOD_PATH;
511 } elseif (substr(TYPO3_MOD_PATH, 0, strlen('../typo3conf/')) === '../typo3conf/') {
512 $pathPartRelativeToDocumentRoot = substr(TYPO3_MOD_PATH, 3);
513 } else {
514 die('Unable to determine TYPO3 document root.');
515 }
516
517 $entryScriptDirectory = self::getUnifiedDirectoryNameWithTrailingSlash(PATH_thisScript);
518
519 return substr($entryScriptDirectory, 0, -strlen($pathPartRelativeToDocumentRoot));
520 }
521
522 /**
523 * Find out document root by subtracting $relativePathPart from PATH_thisScript
524 *
525 * @param string $relativePathPart Relative part of script from document root
526 * @return string Absolute path to document root of installation
527 */
528 protected static function getPathSiteByRelativePathPart($relativePathPart) {
529 $entryScriptDirectory = self::getUnifiedDirectoryNameWithTrailingSlash(PATH_thisScript);
530 if (strlen($relativePathPart) > 0) {
531 $pathSite = substr($entryScriptDirectory, 0, -strlen($relativePathPart));
532 } else {
533 $pathSite = $entryScriptDirectory;
534 }
535 return $pathSite;
536 }
537
538 /**
539 * Remove file name from script path and unify for Windows and Unix
540 *
541 * @param string $absolutePath Absolute path to script
542 * @return string Directory name of script file location, unified for Windows and Unix
543 */
544 protected static function getUnifiedDirectoryNameWithTrailingSlash($absolutePath) {
545 $directory = dirname($absolutePath);
546 if (TYPO3_OS === 'WIN') {
547 $directory = str_replace('\\', '/', $directory);
548 }
549 return $directory . '/';
550 }
551 }
552 ?>