Hooks in tslib_fe, Frontend login mode feature for pages; various other things. see...
[Packages/TYPO3.CMS.git] / typo3 / sysext / cms / tslib / class.tslib_fe.php
index 9fb1915..3b98e3e 100755 (executable)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2004 Kasper Skaarhoj (kasper@typo3.com)
+*  (c) 1999-2004 Kasper Skaarhoj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
  * Revised for TYPO3 3.6 June/2003 by Kasper Skaarhoj
  * XHTML compliant
  *
- * @author     Kasper Skaarhoj <kasper@typo3.com>
+ * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
  */
 /**
  * [CLASS/FUNCTION INDEX of SCRIPT]
  *
  *
  *
- *  182: class tslib_fe
- *  337:     function tslib_fe($TYPO3_CONF_VARS, $id, $type, $no_cache='', $cHash='', $jumpurl='',$MP='',$RDCT='')
- *  368:     function connectToMySQL()
- *  404:     function sendRedirect()
+ *  200: class tslib_fe
+ *  366:     function tslib_fe($TYPO3_CONF_VARS, $id, $type, $no_cache='', $cHash='', $jumpurl='',$MP='',$RDCT='')
+ *  399:     function connectToMySQL()
+ *  409:     function connectToDB()
+ *  454:     function sendRedirect()
  *
  *              SECTION: Initializing, resolving page id
- *  442:     function initFEuser()
- *  496:     function checkAlternativeIdMethods()
- *  548:     function clear_preview()
- *  561:     function determineId()
- *  641:     function fetch_the_id()
- *  746:     function getPageAndRootline()
- *  808:     function getPageShortcut($SC,$mode,$thisUid,$itera=20,$pageLog=array())
- *  858:     function checkRootlineForIncludeSection()
- *  891:     function checkEnableFields($row)
- *  909:     function checkPagerecordForIncludeSection($row)
- *  921:     function setIDfromArgV()
- *  937:     function getPageAndRootlineWithDomain($domainStartPage)
- *  965:     function findDomainRecord($recursive=0)
- *  986:     function pageNotFoundHandler($code,$header='')
- * 1008:     function checkAndSetAlias()
- * 1023:     function idPartsAnalyze($str)
- * 1048:     function mergingWithGetVars($GET_VARS)
+ *  492:     function initFEuser()
+ *  542:     function initUserGroups()
+ *  589:     function checkAlternativeIdMethods()
+ *  641:     function clear_preview()
+ *  654:     function determineId()
+ *  772:     function fetch_the_id()
+ *  867:     function getPageAndRootline()
+ *  933:     function getPageShortcut($SC,$mode,$thisUid,$itera=20,$pageLog=array())
+ *  983:     function checkRootlineForIncludeSection()
+ * 1016:     function checkEnableFields($row)
+ * 1034:     function checkPageGroupAccess($row, $groupList=NULL)
+ * 1053:     function checkPagerecordForIncludeSection($row)
+ * 1062:     function checkIfLoginAllowedInBranch()
+ * 1090:     function setIDfromArgV()
+ * 1106:     function getPageAndRootlineWithDomain($domainStartPage)
+ * 1133:     function setSysPageWhereClause()
+ * 1143:     function getPagesGroupClause()
+ * 1154:     function findDomainRecord($recursive=0)
+ * 1173:     function pageNotFoundAndExit($reason='')
+ * 1187:     function pageNotFoundHandler($code, $header='', $reason='')
+ * 1225:     function checkAndSetAlias()
+ * 1240:     function idPartsAnalyze($str)
+ * 1265:     function mergingWithGetVars($GET_VARS)
  *
  *              SECTION: Template and caching related functions.
- * 1096:     function makeCacheHash()
- * 1119:     function cHashParams($addQueryParams)
- * 1140:     function initTemplate()
- * 1152:     function getFromCache()
- * 1210:     function getHash()
- * 1230:     function getConfigArray()
+ * 1313:     function makeCacheHash()
+ * 1336:     function cHashParams($addQueryParams)
+ * 1345:     function initTemplate()
+ * 1357:     function getFromCache()
+ * 1416:     function headerNoCache()
+ * 1443:     function getHash()
+ * 1463:     function getConfigArray()
  *
  *              SECTION: Further initialization and data processing
- * 1344:     function getCompressedTCarray()
- * 1381:     function includeTCA($TCAloaded=1)
- * 1407:     function settingLanguage()
- * 1447:     function checkDataSubmission()
- * 1474:     function fe_tce()
- * 1488:     function locDataCheck($locationData)
- * 1504:     function sendFormmail()
- * 1547:     function checkJumpUrl()
- * 1629:     function jumpUrl()
- * 1672:     function setUrlIdToken()
+ * 1585:     function getCompressedTCarray()
+ * 1639:     function includeTCA($TCAloaded=1)
+ * 1666:     function settingLanguage()
+ * 1756:     function settingLocale()
+ * 1781:     function checkDataSubmission()
+ * 1806:     function fe_tce()
+ * 1820:     function locDataCheck($locationData)
+ * 1836:     function sendFormmail()
+ * 1879:     function checkJumpUrl()
+ * 1961:     function jumpUrl()
+ * 2004:     function setUrlIdToken()
  *
  *              SECTION: Page generation; cache handling
- * 1715:     function isGeneratePage()
- * 1725:     function tempPageCacheContent()
- * 1756:     function realPageCacheContent()
- * 1778:     function setPageCacheContent($c,$d,$t)
- * 1800:     function clearPageCacheContent()
- * 1810:     function clearPageCacheContent_pidList($pidList)
- * 1821:     function setSysLastChanged()
+ * 2047:     function isGeneratePage()
+ * 2057:     function tempPageCacheContent()
+ * 2089:     function realPageCacheContent()
+ * 2119:     function setPageCacheContent($c,$d,$t)
+ * 2144:     function clearPageCacheContent()
+ * 2154:     function clearPageCacheContent_pidList($pidList)
+ * 2165:     function setSysLastChanged()
  *
  *              SECTION: Page generation; rendering and inclusion
- * 1857:     function generatePage_preProcessing()
- * 1893:     function generatePage_whichScript()
- * 1905:     function generatePage_postProcessing()
- * 1993:     function INTincScript()
- * 2054:     function INTincScript_loadJSCode()
- * 2095:     function isINTincScript()
- * 2104:     function isSearchIndexPage()
- * 2113:     function doXHTML_cleaning()
- * 2122:     function doLocalAnchorFix()
+ * 2201:     function generatePage_preProcessing()
+ * 2223:     function generatePage_whichScript()
+ * 2235:     function generatePage_postProcessing()
+ * 2327:     function INTincScript()
+ * 2387:     function INTincScript_loadJSCode()
+ * 2428:     function isINTincScript()
+ * 2437:     function doXHTML_cleaning()
+ * 2446:     function doLocalAnchorFix()
  *
  *              SECTION: Finished off; outputting, storing session data, statistics...
- * 2153:     function isOutputting()
- * 2164:     function processOutput()
- * 2230:     function isEXTincScript()
- * 2239:     function storeSessionData()
- * 2249:     function setParseTime()
- * 2261:     function statistics()
- * 2355:     function previewInfo()
- * 2376:     function beLoginLinkIPList()
+ * 2477:     function isOutputting()
+ * 2500:     function processOutput()
+ * 2572:     function sendCacheHeaders()
+ * 2633:     function isStaticCacheble()
+ * 2648:     function contentStrReplace()
+ * 2674:     function isEXTincScript()
+ * 2683:     function storeSessionData()
+ * 2693:     function setParseTime()
+ * 2705:     function statistics()
+ * 2804:     function previewInfo()
+ * 2825:     function hook_eofe()
+ * 2841:     function beLoginLinkIPList()
  *
  *              SECTION: Various internal API functions
- * 2431:     function makeSimulFileName($inTitle,$page,$type,$addParams='',$no_cache='')
- * 2478:     function simulateStaticDocuments_pEnc_onlyP_proc($linkVars)
- * 2506:     function getSimulFileName()
- * 2519:     function encryptEmail($string,$back=0)
- * 2538:     function codeString($string, $decode=FALSE)
- * 2564:     function roundTripCryptString($string)
- * 2584:     function checkFileInclude($incFile)
- * 2599:     function newCObj()
- * 2612:     function setAbsRefPrefix()
- * 2628:     function printError($label,$header='Error!')
- * 2639:     function updateMD5paramsRecord($hash)
- * 2650:     function tidyHTML($content)
- * 2676:     function prefixLocalAnchorsWithScript()
+ * 2896:     function makeSimulFileName($inTitle,$page,$type,$addParams='',$no_cache='')
+ * 2939:     function simulateStaticDocuments_pEnc_onlyP_proc($linkVars)
+ * 2968:     function getSimulFileName()
+ * 2982:     function fileNameASCIIPrefix($inTitle,$titleChars,$mergeChar='.')
+ * 3000:     function encryptEmail($string,$back=0)
+ * 3019:     function codeString($string, $decode=FALSE)
+ * 3045:     function roundTripCryptString($string)
+ * 3065:     function checkFileInclude($incFile)
+ * 3080:     function newCObj()
+ * 3093:     function setAbsRefPrefix()
+ * 3107:     function baseUrlWrap($url)
+ * 3126:     function printError($label,$header='Error!')
+ * 3137:     function updateMD5paramsRecord($hash)
+ * 3148:     function tidyHTML($content)
+ * 3174:     function prefixLocalAnchorsWithScript()
  *
  *              SECTION: Various external API functions - for use in plugins etc.
- * 2720:     function getStorageSiterootPids()
- * 2735:     function getPagesTSconfig()
- * 2768:     function setJS($key,$content='')
- * 2806:     function setCSS($key,$content)
- * 2821:     function make_seed()
- * 2834:     function uniqueHash($str='')
- * 2843:     function set_no_cache()
- * 2853:     function set_cache_timeout_default($seconds)
- * 2869:     function plainMailEncoded($email,$subject,$message,$headers='')
- * 2892:     function sL($input)
- * 2929:     function csConv($str,$from='')
- * 2948:     function readLLfile($fileRef)
- * 2963:     function getLLL($index,$LOCAL_LANG)
- * 2977:     function initLLvars()
+ * 3218:     function getStorageSiterootPids()
+ * 3233:     function getPagesTSconfig()
+ * 3266:     function setJS($key,$content='')
+ * 3304:     function setCSS($key,$content)
+ * 3319:     function make_seed()
+ * 3332:     function uniqueHash($str='')
+ * 3341:     function set_no_cache()
+ * 3351:     function set_cache_timeout_default($seconds)
+ * 3367:     function plainMailEncoded($email,$subject,$message,$headers='')
  *
- * TOTAL FUNCTIONS: 87
+ *              SECTION: Localization
+ * 3408:     function sL($input)
+ * 3437:     function readLLfile($fileRef)
+ * 3452:     function getLLL($index,$LOCAL_LANG)
+ * 3466:     function initLLvars()
+ * 3500:     function csConv($str,$from='')
+ * 3518:     function convOutputCharset($content,$label)
+ * 3531:     function convPOSTCharset()
+ *
+ * TOTAL FUNCTIONS: 103
  * (This index is automatically created/updated by the extension "extdeveval")
  *
  */
 /**
  * Main frontend class, instantiated in the index_ts.php script as the global object TSFE
  *
- * @author     Kasper Skaarhoj <kasper@typo3.com>
+ * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
  * @package TYPO3
  * @subpackage tslib
  */
        var $tmpl='';                                           // The TypoScript template object. Used to parse the TypoScript template
        var $cacheTimeOutDefault='';            // Is set to the time-to-live time of cached pages. If false, default is 60*60*24, which is 24 hours.
        var $cacheContentFlag='';                       // Set internally if cached content is fetched from the database
+       var $cacheExpires=0;                            // Set to the expire time of cached content
+       var $isClientCachable=FALSE;            // Set if cache headers allowing caching are sent.
        var $all='';                                            // $all used by template fetching system. This array is an identification of the template. If $this->all is empty it's because the template-data is not cached, which it must be.
        var $sPre='';                                           // toplevel - objArrayName, eg 'page'
        var $pSetup='';                                         // TypoScript configuration of the page-object pointed to by sPre. $this->tmpl->setup[$this->sPre.'.']
                $this->no_cache = $no_cache ? 1 : 0;
                $this->cHash = $cHash;
                $this->jumpurl = $jumpurl;
-               $this->MP = $this->TYPO3_CONF_VARS['FE']['enable_mount_pids'] ? $MP : '';
+               $this->MP = $this->TYPO3_CONF_VARS['FE']['enable_mount_pids'] ? (string)$MP : '';
                $this->RDCT = $RDCT;
                $this->clientInfo = t3lib_div::clientInfo();
                $this->uniqueString=md5(microtime());
        }
 
        /**
-        * Connect to SQL database
+        * Connect to MySQL database
         * May exit after outputting an error message or some JavaScript redirecting to the install tool.
+        * Use connectToDB() instead!
         *
         * @return      void
+        * @deprecated
         */
        function connectToMySQL()       {
+         $this->connectToDB();
+       }
+
+       /**
+        * Connect to SQL database
+        * May exit after outputting an error message or some JavaScript redirecting to the install tool.
+        *
+        * @return      void
+        */
+       function connectToDB()  {
                if ($GLOBALS['TYPO3_DB']->sql_pconnect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password))    {
                        if (!TYPO3_db)  {
                                $this->printError('No database selected','Database Error');
                        $this->printError('The current username, password or host was not accepted when the connection to the database was attempted to be established!','Database Error');
                        exit;
                }
+
+
+                       // Call post processing function for DB connection:
+               if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['connectToDB']))  {
+                       $_params = array('pObj' => &$this);
+                       foreach($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['connectToDB'] as $_funcRef)   {
+                               t3lib_div::callUserFunction($_funcRef,$_params,$this);
+                       }
+               }
        }
 
        /**
         * @return      void
         */
        function sendRedirect() {
-               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('params', 'cache_md5params', 'md5hash="'.$GLOBALS['TYPO3_DB']->quoteStr($this->RDCT, 'cache_md5params').'"');
+               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('params', 'cache_md5params', 'md5hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->RDCT, 'cache_md5params'));
                if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
                        $this->updateMD5paramsRecord($this->RDCT);
                        header('Location: '.$row['params']);
                $this->fe_user->lockIP = $this->TYPO3_CONF_VARS['FE']['lockIP'];
                $this->fe_user->lockHashKeyWords = $this->TYPO3_CONF_VARS['FE']['lockHashKeyWords'];
                $this->fe_user->checkPid = $this->TYPO3_CONF_VARS['FE']['checkFeUserPid'];
+               $this->fe_user->lifetime = intval($this->TYPO3_CONF_VARS['FE']['lifetime']);
                $this->fe_user->checkPid_value = $GLOBALS['TYPO3_DB']->cleanIntList(t3lib_div::_GP('pid'));     // List of pid's acceptable
 
                        // Check if a session is transferred:
                if (t3lib_div::_GP('FE_SESSION_KEY'))   {
                        $fe_sParts = explode('-',t3lib_div::_GP('FE_SESSION_KEY'));
                        if (!strcmp(md5($fe_sParts[0].'/'.$this->TYPO3_CONF_VARS['SYS']['encryptionKey']), $fe_sParts[1]))      {       // If the session key hash check is OK:
-                               $GLOBALS['HTTP_COOKIE_VARS'][$this->fe_user->name]=$fe_sParts[0];
-                               $this->fe_user->forceSetCookie=1;
+                               $_COOKIE[$this->fe_user->name] = $fe_sParts[0];
+                               $this->fe_user->forceSetCookie = 1;
                        }
                }
 
                        $this->fe_user->record_registration($recs);
                }
 
+                       // Call hook for possible manipulation of frontend user object
+               if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['initFEuser']))   {
+                       $_params = array('pObj' => &$this);
+                       foreach($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['initFEuser'] as $_funcRef)    {
+                               t3lib_div::callUserFunction($_funcRef,$_params,$this);
+                       }
+               }
+
                        // For every 60 seconds the is_online timestamp is updated.
-               if (is_array($this->fe_user->user) && $this->fe_user->user['is_online']<($GLOBALS['EXEC_TIME']-60))     {
+               if (is_array($this->fe_user->user) && $this->fe_user->user['uid'] && $this->fe_user->user['is_online']<($GLOBALS['EXEC_TIME']-60))      {
                        $GLOBALS['TYPO3_DB']->exec_UPDATEquery('fe_users', 'uid='.intval($this->fe_user->user['uid']), array('is_online' => $GLOBALS['EXEC_TIME']));
                }
        }
 
        /**
         * Initializes the front-end user groups.
+        * Sets ->loginUser and ->gr_list based on front-end user status.
         *
         * @return      void
         */
        function initUserGroups() {
-                       // Sets ->loginUser and ->gr_list based on front-end user status.
+
                $this->fe_user->showHiddenRecords = $this->showHiddenRecords;           // This affects the hidden-flag selecting the fe_groups for the user!
-               // if (is_array($this->fe_user->user) && $this->fe_user->fetchGroupData())      {
-               $this->fe_user->fetchGroupData();       // no matter if we have an active user we try to fetch matching groups which can be set without an user.
+               $this->fe_user->fetchGroupData();       // no matter if we have an active user we try to fetch matching groups which can be set without an user (simulation for instance!)
+
                if (is_array($this->fe_user->user) && count($this->fe_user->groupData['uid']))  {
                        $this->loginUser=1;     // global flag!
                        $this->gr_list = '0,-2';        // group -2 is not an existing group, but denotes a 'default' group when a user IS logged in. This is used to let elements be shown for all logged in users!
                        $this->gr_list = '0,-1';        // group -1 is not an existing group, but denotes a 'default' group when not logged in. This is used to let elements be hidden, when a user is logged in!
                        $gr_array = $this->fe_user->groupData['uid'];
                }
-
                // TYPO3_CONF_VARS']['FE']['IPmaskMountGroups'] moved to sysext/sv/class.tx_sv_auth.php service
 
                        // Clean up.
                if ($this->fe_user->writeDevLog)        t3lib_div::devLog('Valid usergroups for TSFE: '.$this->gr_list, 'tslib_fe');
        }
 
-
        /**
         * Provides ways to bypass the '?id=[xxx]&type=[xx]' format, using either PATH_INFO or virtual HTML-documents (using Apache mod_rewrite)
         *
-        * Two options:
-        * 1) Apache mod_rewrite: Here a .htaccess file maps all .html-files to index.php and then we extract the id and type from the name of that HTML-file.
-        * 2) Use PATH_INFO (also Apache) to extract id and type from that var. Does not require any special modules compiled with apache.
+        * Three options:
+        * 1) Apache mod_rewrite: Here a .htaccess file maps all .html-files to index.php and then we extract the id and type from the name of that HTML-file. (AKA "simulateStaticDocuments")
+        * 2) Use PATH_INFO (also Apache) to extract id and type from that var. Does not require any special modules compiled with apache. (less typical)
+        * 3) Using hook which enables features like those provided from "realurl" extension (AKA "Speaking URLs")
         *
         * Support for RewriteRule to generate   (simulateStaticDocuments)
         * With the mod_rewrite compiled into apache, put these lines into a .htaccess in this directory:
                $this->siteScript = t3lib_div::getIndpEnv('TYPO3_SITE_SCRIPT');
 
                        // Resolving of "simulateStaticDocuments" URLs:
-               if ($this->siteScript && substr($this->siteScript,0,9)!='index.php')    {               // If there has been a redirect (basically; we arrived here otherwise than via "index.php" in the URL) this can happend either due to a CGI-script or because of reWrite rule. Earlier we used $GLOBALS['HTTP_SERVER_VARS']['REDIRECT_URL'] to check but
+               if ($this->siteScript && substr($this->siteScript,0,9)!='index.php')    {               // If there has been a redirect (basically; we arrived here otherwise than via "index.php" in the URL) this can happend either due to a CGI-script or because of reWrite rule. Earlier we used $_SERVER['REDIRECT_URL'] to check but
                        $uParts = parse_url($this->siteScript); // Parse the path:
                        $fI = t3lib_div::split_fileref($uParts['path']);
 
                                // Now it's investigated if the raw page-id points to a hidden page and if so, the flag is set.
                                // This does not require the preview flag to be set in the admin panel
                        if ($this->id)  {
-                               $idQ = t3lib_div::testInt($this->id) ? 'uid="'.intval($this->id).'"' : 'alias="'.$GLOBALS['TYPO3_DB']->quoteStr($this->id, 'pages').'" AND pid>=0';     // pid>=0 added for the sake of versioning...
-                               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('hidden', 'pages', $idQ.' AND hidden AND NOT deleted');
+                               $idQ = t3lib_div::testInt($this->id) ? 'uid='.intval($this->id) : 'alias='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->id, 'pages').' AND pid>=0';        // pid>=0 added for the sake of versioning...
+                               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('hidden', 'pages', $idQ.' AND hidden!=0 AND deleted=0');
                                if ($GLOBALS['TYPO3_DB']->sql_num_rows($res))   {
                                        $this->fePreview = 1;   // The preview flag is set only if the current page turns out to actually be hidden!
                                        $this->showHiddenPage = 1;
                                        // Resetting
                                $this->clear_preview();
                                $this->fe_user->user['usergroup'] = $fe_user_OLD_USERGROUP;
+
+                                       // Fetching the id again, now with the preview settings reset.
+                               $this->fetch_the_id();
+                       }
+               }
+
+                       // Checks if user logins are blocked for a certain branch and if so, will unset user login and re-fetch ID.
+               if (is_array($this->fe_user->user))     {       // Only if there is a login will we run this...
+                       if (!$this->checkIfLoginAllowedInBranch())      {
+                               unset($this->fe_user->user);
+
                                        // Fetching the id again, now with the preview settings reset.
                                $this->fetch_the_id();
                        }
                }
+
+
                        // Final cleaning.
                $this->id = $this->contentPid = intval($this->id);      // Make sure it's an integer
                $this->type = intval($this->type);      // Make sure it's an integer
 
-
                        // Call post processing function for id determination:
                if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['determineId-PostProc'])) {
                        $_params = array('pObj' => &$this);
                $this->sys_page->versioningPreview = $this->fePreview ? TRUE : FALSE;
                if ($this->sys_page->versioningPreview) {
                        $this->sys_page->versionPreviewMap = $this->versionPreviewMap;
-#debug($this->sys_page->versionPreviewMap);
                }
 
                        // Set the valid usergroups for FE
                $GLOBALS['TT']->pull();
 
                if ($this->pageNotFound && $this->TYPO3_CONF_VARS['FE']['pageNotFound_handling'])       {
-                       $this->pageNotFoundHandler();
+                       $pNotFoundMsg = array(
+                               1 => 'ID was not an accessible page',
+                               2 => 'Subsection was found and not accessible',
+                               3 => 'ID was outside the domain',
+                       );
+                       $this->pageNotFoundAndExit($pNotFoundMsg[$this->pageNotFound]);
                }
 
                        // set no_cache if set
                if ($this->page['no_cache'])    {
                        $this->set_no_cache();
                }
+
                        // Init SYS_LASTCHANGED
                $this->register['SYS_LASTCHANGED'] = intval($this->page['tstamp']);
+               if ($this->register['SYS_LASTCHANGED'] < intval($this->page['SYS_LASTCHANGED']))        {
+                       $this->register['SYS_LASTCHANGED'] = intval($this->page['SYS_LASTCHANGED']);
+               }
        }
 
        /**
                                // If still no page...
                        if (!count($this->page))        {
                                if ($this->TYPO3_CONF_VARS['FE']['pageNotFound_handling'])      {
-                                       $this->pageNotFoundHandler();
+                                       $this->pageNotFoundAndExit('The requested page does not exist!');
                                } else {
                                        $this->printError('The requested page does not exist!');
                                        exit;
        }
 
        /**
+        * Checks if logins are allowed in the current branch of the page tree. Traverses the full root line and returns TRUE if logins are OK, otherwise false (and then the login user must be unset!)
+        *
+        * @return      boolean         returns TRUE if logins are OK, otherwise false (and then the login user must be unset!)
+        */
+       function checkIfLoginAllowedInBranch()  {
+
+                       // Initialize:
+               $c = count($this->rootLine);
+               $disable = FALSE;
+
+                       // Traverse root line from root and outwards:
+               for ($a=0; $a<$c; $a++) {
+
+                               // If a value is set for login state:
+                       if ($this->rootLine[$a]['fe_login_mode'] > 0)   {
+
+                                       // Determine state from value:
+                               $disable = (int)$this->rootLine[$a]['fe_login_mode'] === 1 ? TRUE : FALSE;
+                       }
+               }
+
+               return !$disable;
+       }
+
+       /**
         * This checks if there are ARGV-parameters in the QUERY_STRING and if so, those are used for the id
         * $this->id must be 'false' in order for any processing to happen in here
         * If an id/alias value is extracted from the QUERY_STRING it is set in $this->id
        /**
         * Return where-clause for group access
         *
-        * @return      string  Group where clause part
+        * @return      string          Group where clause part
         * @access private
         */
         function getPagesGroupClause() {
                if (gettype($code)=='boolean' || !strcmp($code,1))      {
                        $this->printError('The page did not exist or was inaccessible.'.($reason ? ' Reason: '.htmlspecialchars($reason) : ''));
                        exit;
-               } else if (t3lib_div::testInt($code))   {
+               } elseif (t3lib_div::testInt($code))    {
                        $this->printError('Error '.$code.($reason ? ' Reason: '.htmlspecialchars($reason) : ''));
                        exit;
                } elseif (t3lib_div::isFirstPartOfStr($code,'READFILE:')) {
                                $fileContent = str_replace('###CURRENT_URL###', t3lib_div::getIndpEnv('REQUEST_URI'), $fileContent);
                                $fileContent = str_replace('###REASON###', htmlspecialchars($reason), $fileContent);
                                echo $fileContent;
-               } else {
+                       } else {
                                $this->printError('Configuration Error: 404 page "'.$readFile.'" could not be found.');
                        }
                        exit;
                                parse_str($addParams,$GET_VARS);
                        break;
                        case 'M5':
-                               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('params', 'cache_md5params', 'md5hash="'.$GLOBALS['TYPO3_DB']->quoteStr(substr($str,2), 'cache_md5params').'"');
+                               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('params', 'cache_md5params', 'md5hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr(substr($str,2), 'cache_md5params'));
                                $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
 
                                $this->updateMD5paramsRecord(substr($str,2));
        }
 
        /**
-        * Merging values into the global $HTTP_GET_VARS/$_GET
+        * Merging values into the global $_GET
         *
         * @param       array           Array of key/value pairs that will be merged into the current GET-vars. (Non-escaped values)
         * @return      void
        function makeCacheHash()        {
                $GET = t3lib_div::_GET();
                if ($this->cHash && is_array($GET))     {
-                       $pA = $this->cHashParams(t3lib_div::implodeArrayForUrl('',$GET));
-                       $this->cHash_array = $pA;
+                       $this->cHash_array = t3lib_div::cHashParams(t3lib_div::implodeArrayForUrl('',$GET));
                        $cHash_calc = t3lib_div::shortMD5(serialize($this->cHash_array));
-#debug(array($cHash_calc,$this->cHash,$pA));
+
                        if ($cHash_calc!=$this->cHash)  {
                                $this->set_no_cache();
-                               $GLOBALS['TT']->setTSlogMessage('The incoming cHash "'.$this->cHash.'" and calculated cHash "'.$cHash_calc.'" did not match, so caching was disabled. The fieldlist used was "'.implode(',',array_keys($pA)).'"',2);
+                               $GLOBALS['TT']->setTSlogMessage('The incoming cHash "'.$this->cHash.'" and calculated cHash "'.$cHash_calc.'" did not match, so caching was disabled. The fieldlist used was "'.implode(',',array_keys($this->cHash_array)).'"',2);
                        }
                }
        }
         * @return      array           Array with key/value pairs of query-parameters WITHOUT a certain list of variable names (like id, type, no_cache etc) and WITH a variable, encryptionKey, specific for this server/installation
         * @access private
         * @see makeCacheHash(), tslib_cObj::typoLink()
+        * @obsolete
         */
        function cHashParams($addQueryParams) {
-               $params = explode('&',substr($addQueryParams,1));       // Splitting parameters up
-
-                       // Make array:
-               $pA = array();
-               foreach($params as $theP)       {
-                       $pKV = explode('=', $theP);     // SPlitting single param by '=' sign
-                       if (!t3lib_div::inList('id,type,no_cache,cHash,MP,ftu',$pKV[0]))        {
-                               $pA[$pKV[0]] = (string)rawurldecode($pKV[1]);
-                       }
-               }
-               $pA['encryptionKey'] = $this->TYPO3_CONF_VARS['SYS']['encryptionKey'];
-               ksort($pA);
-               return $pA;
+               return t3lib_div::cHashParams($addQueryParams);
        }
 
        /**
 
                $this->content='';      // clearing the content-variable, which will hold the pagecontent
                unset($this->config);   // Unsetting the lowlevel config
-               $this->cacheContentFlag=0;
-               if ($this->all && !$this->no_cache)     {
+               $this->cacheContentFlag = 0;
+
+                       // Look for page in cache only if caching is not disabled and if a shift-reload is not sent to the server.
+               if ($this->all && !$this->no_cache && !$this->headerNoCache())  {
+
                        $this->newHash = $this->getHash();
 
                        $GLOBALS['TT']->push('Cache Query','');
                                $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
                                                        'S.*',
-                                                       'cache_pages AS S,pages AS P',
-                                                       'S.hash="'.$GLOBALS['TYPO3_DB']->quoteStr($this->newHash, 'cache_pages').'"
+                                                       'cache_pages S,pages P',
+                                                       'S.hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->newHash, 'cache_pages').'
                                                                AND S.page_id=P.uid
                                                                AND S.expires > '.intval($GLOBALS['EXEC_TIME']).'
-                                                               AND NOT P.deleted
-                                                               AND NOT P.hidden
+                                                               AND P.deleted=0
+                                                               AND P.hidden=0
                                                                AND P.starttime<='.intval($GLOBALS['EXEC_TIME']).'
                                                                AND (P.endtime=0 OR P.endtime>'.intval($GLOBALS['EXEC_TIME']).')'
                                                );
                        $GLOBALS['TT']->pull();
                        $GLOBALS['TT']->push('Cache Row','');
                                if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
-                                       $this->config = unserialize($row['cache_data']);                // Fetches the lowlevel config stored with the cached data
+                                       $this->config = (array)unserialize($row['cache_data']);         // Fetches the lowlevel config stored with the cached data
                                        $this->content = $row['HTML'];  // Getting the content
-                                       $this->cacheContentFlag=1;      // Setting flag, so we know, that some cached content is gotten.
+                                       $this->cacheContentFlag = 1;    // Setting flag, so we know, that some cached content is gotten.
+                                       $this->cacheExpires = $row['expires'];
 
                                        if ($this->TYPO3_CONF_VARS['FE']['debug'] || $this->config['config']['debug'])  {
                                                $this->content.=chr(10).'<!-- Cached page generated '.Date('d/m Y H:i', $row['tstamp']).'. Expires '.Date('d/m Y H:i', $row['expires']).' -->';
        }
 
        /**
+        * Detecting if shift-reload has been clicked
+        * Will not be called if re-generation of page happens by other reasons (for instance that the page is not in cache yet!)
+        *
+        * @return      boolean         If shift-reload in client browser has been clicked, disable getting cached page (and regenerate it).
+        */
+       function headerNoCache()        {
+               $disableAcquireCacheData = FALSE;
+
+               if (strtolower($_SERVER['HTTP_CACHE_CONTROL'])==='no-cache' || strtolower($_SERVER['HTTP_PRAGMA'])==='no-cache')        {
+                       $disableAcquireCacheData = TRUE;
+               }
+
+                       // Call hook for possible by-pass of requiring of page cache (for recaching purpose)
+               if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['headerNoCache']))        {
+                       $_params = array('pObj' => &$this, 'disableAcquireCacheData' => &$disableAcquireCacheData);
+                       foreach($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['headerNoCache'] as $_funcRef) {
+                               t3lib_div::callUserFunction($_funcRef,$_params,$this);
+                       }
+               }
+
+               return $disableAcquireCacheData;
+       }
+
+       /**
         * Calculates the cache-hash
         * This hash is unique to the template, the variables ->id, ->type, ->gr_list (list of groups), ->MP (Mount Points) and cHash array
         * Used to get and later store the cached data.
                                'all' => $this->all,
                                'id' => intval($this->id),
                                'type' => intval($this->type),
-                               'gr_list' => $this->gr_list,
-                               'MP' => $this->MP,
+                               'gr_list' => (string)$this->gr_list,
+                               'MP' => (string)$this->MP,
                                'cHash' => $this->cHash_array
                        )
                );
 
                                                // STAT:
                                        $theLogFile = $this->TYPO3_CONF_VARS['FE']['logfile_dir'].$this->config['config']['stat_apache_logfile'];
-                                       if ($this->config['config']['stat_apache'] &&
-                                               $this->config['config']['stat_apache_logfile'] &&
-                                               !strstr($this->config['config']['stat_apache_logfile'],'/') &&
-                                               @is_dir($this->TYPO3_CONF_VARS['FE']['logfile_dir']) && @is_file($theLogFile)   && @is_writeable($theLogFile))  {
+                                               // Add PATH_site left to $theLogFile if the path is not absolute yet
+                                       if(!t3lib_div::isAbsPath($theLogFile)) $theLogFile = PATH_site.$theLogFile;
+
+                                       if ($this->config['config']['stat_apache'] && $this->config['config']['stat_apache_logfile'] && !strstr($this->config['config']['stat_apache_logfile'],'/'))    {
+                                               if(t3lib_div::isAllowedAbsPath($theLogFile) && @is_file($theLogFile) && @is_writable($theLogFile))      {
                                                        $this->config['stat_vars']['logFile'] = $theLogFile;
                                                        $shortTitle = substr(ereg_replace('[^\.[:alnum:]_-]','_',$this->page['title']),0,30);
                                                        $pageName = $this->config['config']['stat_apache_pagenames'] ? $this->config['config']['stat_apache_pagenames'] : '[path][title]--[uid].html';
                                                        $len = t3lib_div::intInRange($this->config['config']['stat_titleLen'],1,100,20);
                                                        $pageName = str_replace('[path]', ereg_replace('[^\.[:alnum:]\/_-]','_',$this->sys_page->getPathFromRootline($temp,$len)).'/' ,$pageName);
                                                        $this->config['stat_vars']['pageName'] = $pageName;
+                                               } else {
+                                                       $GLOBALS['TT']->setTSlogMessage('Could not set logfile path. Check filepath and permissions.',3);
+                                               }
                                        }
                                        $this->config['FEData'] = $this->tmpl->setup['FEData'];
                                        $this->config['FEData.'] = $this->tmpl->setup['FEData.'];
                $this->initLLvars();
 
                        // No cache
-               if ($this->config['config']['no_cache'])        {$this->set_no_cache();}                // Set $this->no_cache true if the config.no_cache value is set!
+               if ($this->config['config']['no_cache'])        { $this->set_no_cache(); }              // Set $this->no_cache true if the config.no_cache value is set!
 
                        // Check PATH_INFO url
                if ($this->absRefPrefix_force && strcmp($this->config['config']['simulateStaticDocuments'],'PATH_INFO'))        {
        }
 
        /**
-        * Setting locale
+        * Setting locale for frontend rendering
         *
         * @return      void
         */
         * @return      string          'email' if a formmail has been send, 'fe_tce' if front-end data submission (like forums, guestbooks) is send. '' if none.
         */
        function checkDataSubmission()  {
-               global $HTTP_POST_VARS;
-
-               if ($HTTP_POST_VARS['formtype_db'] || $HTTP_POST_VARS['formtype_mail']) {
+               if ($_POST['formtype_db'] || $_POST['formtype_mail'])   {
                        $refInfo = parse_url(t3lib_div::getIndpEnv('HTTP_REFERER'));
                        if (t3lib_div::getIndpEnv('TYPO3_HOST_ONLY')==$refInfo['host'] || $this->TYPO3_CONF_VARS['SYS']['doNotCheckReferer'])   {
-                               if ($this->locDataCheck($HTTP_POST_VARS['locationData']))       {
+                               if ($this->locDataCheck($_POST['locationData']))        {
                                        $ret = '';
-                                       if ($HTTP_POST_VARS['formtype_mail'])   {
+                                       if ($_POST['formtype_mail'])    {
                                                $ret = 'email';
-                                       } elseif ($HTTP_POST_VARS['formtype_db'] && is_array($HTTP_POST_VARS['data']))  {
+                                       } elseif ($_POST['formtype_db'] && is_array($_POST['data']))    {
                                                $ret = 'fe_tce';
                                        }
                                        $GLOBALS['TT']->setTSlogMessage('"Check Data Submission": Return value: '.$ret,0);
        /**
         * Checks if a formmail submission can be sent as email
         *
-        * @param       string          The input from $GLOBALS['HTTP_POST_VARS']['locationData']
+        * @param       string          The input from $_POST['locationData']
         * @return      void
         * @access private
         * @see checkDataSubmission()
                $formmail = t3lib_div::makeInstance('t3lib_formmail');
 
                $EMAIL_VARS = t3lib_div::_POST();
+               $locationData = $EMAIL_VARS['locationData'];
                unset($EMAIL_VARS['locationData']);
                unset($EMAIL_VARS['formtype_mail']);
 
                $integrityCheck = $this->TYPO3_CONF_VARS['FE']['strictFormmail'];
 
+               if(!$this->TYPO3_CONF_VARS['FE']['secureFormmail']) {
                        // Check recipient field:
-               $encodedFields = explode(',','recipient,recipient_copy');       // These two fields are the ones which contain recipient addresses that can be misused to send mail from foreign servers.
-               foreach($encodedFields as $fieldKey)    {
-                       if (strlen($EMAIL_VARS[$fieldKey]))     {
-                               if ($res = $this->codeString($EMAIL_VARS[$fieldKey], TRUE))     {       // Decode...
-                                       $EMAIL_VARS[$fieldKey] = $res;  // Set value if OK
-                               } elseif ($integrityCheck)      {       // Otherwise abort:
-                                       $GLOBALS['TT']->setTSlogMessage('"Formmail" discovered a field ('.$fieldKey.') which could not be decoded to a valid string. Sending formmail aborted due to security reasons!',3);
-                                       return FALSE;
-                               } else {
-                                       $GLOBALS['TT']->setTSlogMessage('"Formmail" discovered a field ('.$fieldKey.') which could not be decoded to a valid string. The security level accepts this, but you should consider a correct coding though!',2);
+                       $encodedFields = explode(',','recipient,recipient_copy');       // These two fields are the ones which contain recipient addresses that can be misused to send mail from foreign servers.
+                       foreach($encodedFields as $fieldKey)    {
+                               if (strlen($EMAIL_VARS[$fieldKey]))     {
+                                       if ($res = $this->codeString($EMAIL_VARS[$fieldKey], TRUE))     {       // Decode...
+                                               $EMAIL_VARS[$fieldKey] = $res;  // Set value if OK
+                                       } elseif ($integrityCheck)      {       // Otherwise abort:
+                                               $GLOBALS['TT']->setTSlogMessage('"Formmail" discovered a field ('.$fieldKey.') which could not be decoded to a valid string. Sending formmail aborted due to security reasons!',3);
+                                               return false;
+                                       } else {
+                                               $GLOBALS['TT']->setTSlogMessage('"Formmail" discovered a field ('.$fieldKey.') which could not be decoded to a valid string. The security level accepts this, but you should consider a correct coding though!',2);
+                                       }
                                }
                        }
+               } else {
+                 $locData = explode(':',$locationData);
+                 $record = $this->sys_page->checkRecord($locData[1],$locData[2],1);
+                 $EMAIL_VARS['recipient'] = $record['subheader'];
+                 $EMAIL_VARS['recipient_copy'] = $this->extractRecipientCopy($record['bodytext']);
                }
 
                        // Hook for preprocessing of the content for formmails:
        }
 
        /**
+        * Extracts the value of recipient copy field from a formmail CE bodytext
+        *
+        * @param string $bodytext The content of the related bodytext field
+        * @return string The value of the recipient_copy field, or an empty string
+        */
+       function extractRecipientCopy($bodytext) {
+               $recipient_copy = '';
+               $fdef = array();
+               //|recipient_copy=hidden|karsten@localhost.localdomain
+               preg_match('/^[\s]*\|[\s]*recipient_copy[\s]*=[\s]*hidden[\s]*\|(.*)$/m', $bodytext, $fdef);
+               $recipient_copy = (!empty($fdef[1])) ? $fdef[1] : '';
+               return $recipient_copy;
+       }
+
+       /**
         * Checks if jumpurl is set.
         * This function also takes care of jumpurl utilized by the Direct Mail module (ext: direct_mail) which may set an integer value for jumpurl which refers to a link in a certain mail-record, mid
         *
         * @return      void
         */
        function tempPageCacheContent() {
-               $this->tempContent=0;
+               $this->tempContent = 0;
+
                if (!$this->no_cache)   {
-                       $seconds=30;
+                       $seconds = 30;
                        $stdMsg = '
                        <html>
                                <head>
                                        <title>'.htmlspecialchars($this->tmpl->printTitle($this->page['title'])).'</title>
-                                       <meta http-equiv=Refresh Content="3; Url='.htmlspecialchars(t3lib_div::getIndpEnv('REQUEST_URI')).'" />
+                                       <meta http-equiv="refresh" content="3; URL='.htmlspecialchars(t3lib_div::getIndpEnv('REQUEST_URI')).'" />
                                </head>
                                <body bgcolor="white">
-                                       <font size="1" face="VERDANA,ARIAL,HELVETICA" color="#cccccc">
+                                       <span style="font-family:Verdana,Arial,Helvetica" color="#cccccc">
                                        <div align="center">
-                                               <b>Page is being generated.</b><br />
+                                               <strong>Page is being generated.</strong><br />
                                                If this message does not disappear within '.$seconds.' seconds, please reload.
                                        </div>
-                                       </font>
+                                       </span>
                                </body>
                        </html>';
                        $temp_content = $this->config['config']['message_page_is_being_generated'] ? $this->config['config']['message_page_is_being_generated'] : $stdMsg;
 
-                       $this->setPageCacheContent($temp_content,'',$GLOBALS['EXEC_TIME']+$seconds);
-                       $this->tempContent=1;           // This flag shows that temporary content is put in the cache
+                       $this->setPageCacheContent($temp_content, '', $GLOBALS['EXEC_TIME']+$seconds);
+                       $this->tempContent = 1;         // This flag shows that temporary content is put in the cache
                }
        }
 
                $timeOutTime = $GLOBALS['EXEC_TIME']+$cache_timeout;
                if ($this->config['config']['cache_clearAtMidnight'])   {
                        $midnightTime = mktime (0,0,0,date('m',$timeOutTime),date('d',$timeOutTime),date('Y',$timeOutTime));
-                       if ($midnightTime > time())     {               // If the midnight time of the expire-day is greater than the current time, we may set the timeOutTime to the new midnighttime.
+                       if ($midnightTime > $GLOBALS['EXEC_TIME'])      {               // If the midnight time of the expire-day is greater than the current time, we may set the timeOutTime to the new midnighttime.
                                $timeOutTime = $midnightTime;
                        }
                }
                $this->config['hash_base'] = $this->hash_base;
-               $this->setPageCacheContent($this->content,$this->config,$timeOutTime);
+               $this->setPageCacheContent($this->content, $this->config, $timeOutTime);
 
                        // Hook for cache post processing (eg. writing static files!)
                if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['insertPageIncache']))    {
                        'HTML' => $c,
                        'cache_data' => serialize($d),
                        'expires' => $t,
-                       'tstamp' => time()
+                       'tstamp' => $GLOBALS['EXEC_TIME']
                );
+
+               $this->cacheExpires = $t;
+
                if ($this->page_cache_reg1)     {
                        $insertFields['reg1'] = intval($this->page_cache_reg1);
                }
         * @return      void
         */
        function clearPageCacheContent()        {
-               $GLOBALS['TYPO3_DB']->exec_DELETEquery('cache_pages', 'hash="'.$GLOBALS['TYPO3_DB']->quoteStr($this->newHash, 'cache_pages').'"');
+               $GLOBALS['TYPO3_DB']->exec_DELETEquery('cache_pages', 'hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->newHash, 'cache_pages'));
        }
 
        /**
                        }
                }
 
-                       // Indexing the page?
-               if ($this->isSearchIndexPage()) {
-                       $GLOBALS['TT']->push('Index page','');
-                               $indexer = t3lib_div::makeInstance('tx_indexedsearch_indexer');
-                               $indexer->init($this->content,$this->config['config'],$this->id,$this->type,$this->gr_list,$this->cHash_array,$this->register['SYS_LASTCHANGED'],$this->config['rootLine']);
-                               $indexer->indexTypo3PageContent();
-                       $GLOBALS['TT']->pull();
-               } elseif ($this->config['config']['index_enable'] && $this->no_cache) {
-                       $GLOBALS['TT']->push('Index page','');
-                       $GLOBALS['TT']->setTSlogMessage('Index page? No, page was set to "no_cache" and so cannot be indexed.');
-                       $GLOBALS['TT']->pull();
+                       // Hook for indexing pages
+               if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['pageIndexing'])) {
+                       foreach($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['pageIndexing'] as $_classRef) {
+                               $_procObj = &t3lib_div::getUserObj($_classRef);
+                               $_procObj->hook_indexContent($this);
+                       }
                }
 
                        // Convert char-set for output:
@@ -2318,15 +2453,6 @@ if (version == "n3") {
        }
 
        /**
-        * Returns true if page should be indexed.
-        *
-        * @return      boolean
-        */
-       function isSearchIndexPage()    {
-               return t3lib_extMgm::isLoaded('indexed_search') && $this->config['config']['index_enable'] && !$this->no_cache;
-       }
-
-       /**
         * Returns the mode of XHTML cleaning
         *
         * @return      string          Keyword: "all", "cached" or "output"
@@ -2372,7 +2498,19 @@ if (version == "n3") {
         * @return      boolean         Returns true if $this->jumpurl is not set.
         */
        function isOutputting() {
-               return (!$this->jumpurl);
+
+                       // Initialize by status of jumpUrl:
+               $enableOutput = (!$this->jumpurl);
+
+                       // Call hook for possible disabling of output:
+               if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['isOutputting'])) {
+                       $_params = array('pObj' => &$this, 'enableOutput' => &$enableOutput);
+                       foreach($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['isOutputting'] as $_funcRef)  {
+                               t3lib_div::callUserFunction($_funcRef,$_params,$this);
+                       }
+               }
+
+               return $enableOutput;
        }
 
        /**
@@ -2383,20 +2521,16 @@ if (version == "n3") {
         * @return      void
         */
        function processOutput()        {
-                       // Substitutes username mark with the username
-               if ($this->fe_user->user['uid'])        {
-                       $token = trim($this->config['config']['USERNAME_substToken']);
-                       $this->content = str_replace($token ? $token : '<!--###USERNAME###-->',$this->fe_user->user['username'],$this->content);
-               }
-                       // Substitutes get_URL_ID in case of GET-fallback
-               if ($this->getMethodUrlIdToken) {
-                       $this->content = str_replace($this->getMethodUrlIdToken, $this->fe_user->get_URL_ID, $this->content);
-               }
 
                        // Set header for charset-encoding unless disabled
                if (!$this->config['config']['disableCharsetHeader'])   {
                        $headLine = 'Content-Type:text/html;charset='.trim($this->metaCharset);
-                       header ($headLine);
+                       header($headLine);
+               }
+
+                       // Set cache related headers to client (used to enable proxy / client caching!)
+               if ($this->config['config']['sendCacheHeaders'])        {
+                       $this->sendCacheHeaders();
                }
 
                        // Set headers, if any
@@ -2408,6 +2542,11 @@ if (version == "n3") {
                        }
                }
 
+                       // Make substitution of eg. username/uid in content only if cache-headers for client/proxy caching is NOT sent!
+               if (!$this->isClientCachable)   {
+                       $this->contentStrReplace();
+               }
+
                                // Tidy up the code, if flag...
                if ($this->TYPO3_CONF_VARS['FE']['tidy_option'] == 'output')            {
                        $GLOBALS['TT']->push('Tidy, output','');
@@ -2440,6 +2579,113 @@ if (version == "n3") {
                        $this->content = str_replace('target="_top"','target="_self"',$this->content);
                        $this->content = str_replace('target=_top','target="_self"',$this->content);
                }*/
+
+                       // Send content-lenght header. Notice that all HTML content outside the length of the content-length header will be cut off! Therefore content of unknown length from included PHP-scripts and if admin users are logged in (admin panel might show...) we disable it!
+               if ($this->config['config']['enableContentLengthHeader'] && !$this->isEXTincScript() && !$this->beUserLogin)    {
+                       header('Content-Length: '.strlen($this->content));
+               }
+       }
+
+       /**
+        * Send cache headers good for client/reverse proxy caching
+        *
+        * @return      void
+        * @co-author   Ole Tange, Forbrugernes Hus, Denmark
+        */
+       function sendCacheHeaders()     {
+
+                       // Getting status whether we can send cache control headers for proxy caching:
+               $doCache = $this->isStaticCacheble();
+
+                       // Finally, when backend users are logged in, do not send cache headers at all (Admin Panel might be displayed for instance).
+               if ($doCache
+                               && !$this->beUserLogin) {
+
+                               // Build headers:
+                       $headers = array(
+                               'Last-Modified: '.gmdate('D, d M Y H:i:s T', $this->register['SYS_LASTCHANGED']),
+                               'Expires: '.gmdate('D, d M Y H:i:s T', $this->cacheExpires),
+                               'ETag: '.md5($this->content),
+                               'Cache-Control: max-age='.($this->cacheExpires - $GLOBALS['EXEC_TIME']),                // no-cache
+                               'Pragma: public',
+                       );
+
+                       $this->isClientCachable = TRUE;
+               } else {
+                               // Build headers:
+                       $headers = array(
+                               #'Last-Modified: '.gmdate('D, d M Y H:i:s T', $this->register['SYS_LASTCHANGED']),
+                               #'ETag: '.md5($this->content),
+                               'Cache-Control: no-cache',
+                               'Pragma: no-cache',
+                       );
+
+                       $this->isClientCachable = FALSE;
+
+                               // Now, if a backend user is logged in, tell him in the Admin Panel log what the caching status would have been:
+                       if ($this->beUserLogin) {
+                               if ($doCache)   {
+                                       $GLOBALS['TT']->setTSlogMessage('Cache-headers with max-age "'.($this->cacheExpires - $GLOBALS['EXEC_TIME']).'" would have been sent');
+                               } else {
+                                       $reasonMsg = '';
+                                       $reasonMsg.= !$this->no_cache ? '' : 'Caching disabled (no_cache). ';
+                                       $reasonMsg.= !$this->isINTincScript() ? '' : '*_INT object(s) on page. ';
+                                       $reasonMsg.= !$this->isEXTincScript() ? '' : '*_EXT object(s) on page. ';
+                                       $reasonMsg.= !is_array($this->fe_user->user) ? '' : 'Frontend user logged in. ';
+                                       $GLOBALS['TT']->setTSlogMessage('Cache-headers would disable proxy caching! Reason(s): "'.$reasonMsg.'"',1);
+                               }
+                       }
+               }
+
+                       // Send headers:
+               foreach($headers as $hL)        {
+                       header($hL);
+               }
+       }
+
+       /**
+        * Reporting status whether we can send cache control headers for proxy caching or publishing to static files
+        *
+        * Rules are:
+        * no_cache cannot be set: If it is, the page might contain dynamic content and should never be cached.
+        * There can be no USER_INT objects on the page ("isINTincScript()" / "isEXTincScript()") because they implicitly indicate dynamic content
+        * There can be no logged in user because user sessions are based on a cookie and thereby does not offer client caching a chance to know if the user is logged in. Actually, there will be a reverse problem here; If a page will somehow change when a user is logged in he may not see it correctly if the non-login version sent a cache-header! So do NOT use cache headers in page sections where user logins change the page content. (unless using such as realurl to apply a prefix in case of login sections)
+        *
+        * @return      boolean
+        */
+       function isStaticCacheble()     {
+
+               $doCache = !$this->no_cache
+                               && !$this->isINTincScript()
+                               && !$this->isEXTincScript()
+                               && !is_array($this->fe_user->user);
+
+               return $doCache;
+       }
+
+       /**
+        * Substitute various tokens in content. This should happen only if the content is not cached by proxies or client browsers.
+        *
+        * @return      void
+        */
+       function contentStrReplace()    {
+                       // Substitutes username mark with the username
+               if ($this->fe_user->user['uid'])        {
+
+                               // User name:
+                       $token = trim($this->config['config']['USERNAME_substToken']);
+                       $this->content = str_replace($token ? $token : '<!--###USERNAME###-->',$this->fe_user->user['username'],$this->content);
+
+                               // User uid (if configured):
+                       $token = trim($this->config['config']['USERUID_substToken']);
+                       if ($token)     {
+                               $this->content = str_replace($token, $this->fe_user->user['uid'], $this->content);
+                       }
+               }
+                       // Substitutes get_URL_ID in case of GET-fallback
+               if ($this->getMethodUrlIdToken) {
+                       $this->content = str_replace($this->getMethodUrlIdToken, $this->fe_user->get_URL_ID, $this->content);
+               }
        }
 
        /**
@@ -2483,7 +2729,8 @@ if (version == "n3") {
                if ($this->config['config']['stat'] &&
                                (!strcmp('',$this->config['config']['stat_typeNumList']) || t3lib_div::inList(str_replace(' ','',$this->config['config']['stat_typeNumList']), $this->type)) &&
                                (!$this->config['config']['stat_excludeBEuserHits'] || !$this->beUserLogin) &&
-                               (!$this->config['config']['stat_excludeIPList'] || !t3lib_div::inList(str_replace(' ','',$this->config['config']['stat_excludeIPList']), t3lib_div::getIndpEnv('REMOTE_ADDR')))) {
+                               (!$this->config['config']['stat_excludeIPList'] || !t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'),str_replace(' ','',$this->config['config']['stat_excludeIPList'])))) {
+
                        $GLOBALS['TT']->push('Stat');
                                if (t3lib_extMgm::isLoaded('sys_stat') && $this->config['config']['stat_mysql'])        {
 
@@ -2537,7 +2784,7 @@ if (version == "n3") {
 
                                        // Apache:
                                if ($this->config['config']['stat_apache'] && $this->config['stat_vars']['pageName'])   {
-                                       if (@is_file($this->config['stat_vars']['logFile']) && TYPO3_OS!='WIN') {
+                                       if (@is_file($this->config['stat_vars']['logFile']))    {
                                                $LogLine = ((t3lib_div::getIndpEnv('REMOTE_HOST') && !$this->config['config']['stat_apache_noHost']) ? t3lib_div::getIndpEnv('REMOTE_HOST') : t3lib_div::getIndpEnv('REMOTE_ADDR')).' - - '.Date('[d/M/Y:H:i:s +0000]',$GLOBALS['EXEC_TIME']).' "GET '.$this->config['stat_vars']['pageName'].' HTTP/1.1" 200 '.strlen($this->content);
                                                if (!$this->config['config']['stat_apache_notExtended'])        {
                                                        $LogLine.= ' "'.t3lib_div::getIndpEnv('HTTP_REFERER').'" "'.t3lib_div::getIndpEnv('HTTP_USER_AGENT').'"';
@@ -2546,14 +2793,18 @@ if (version == "n3") {
                                                switch($this->TYPO3_CONF_VARS['FE']['logfile_write'])   {
                                                        case 'fputs':
                                                                $GLOBALS['TT']->push('Write to log file (fputs)');
-                                                                       $logfilehandle = fopen(PATH_site.$this->config['stat_vars']['logFile'], 'a');
+                                                                       $logfilehandle = fopen($this->config['stat_vars']['logFile'], 'a');
                                                                        fputs($logfilehandle, $LogLine."\n");
                                                                        @fclose($logfilehandle);
                                                                $GLOBALS['TT']->pull();
                                                        break;
                                                        default:
                                                                $GLOBALS['TT']->push('Write to log file (echo)');
-                                                                       $execCmd = 'echo "'.addslashes($LogLine).'" >> '.PATH_site.$this->config['stat_vars']['logFile'];
+                                                                       if (TYPO3_OS=="WIN") {
+                                                                               $execCmd = 'echo '.$LogLine.' >> '.$this->config['stat_vars']['logFile'];
+                                                                       } else {
+                                                                               $execCmd = 'echo "'.addslashes($LogLine).'" >> '.$this->config['stat_vars']['logFile'];
+                                                                       }
                                                                        exec($execCmd);
                                                                $GLOBALS['TT']->pull();
                                                        break;
@@ -2590,6 +2841,22 @@ if (version == "n3") {
        }
 
        /**
+        * End-Of-Frontend hook
+        *
+        * @return      void
+        */
+       function hook_eofe()    {
+
+                       // Call hook for end-of-frontend processing:
+               if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['hook_eofe']))    {
+                       $_params = array('pObj' => &$this);
+                       foreach($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/class.tslib_fe.php']['hook_eofe'] as $_funcRef)     {
+                               t3lib_div::callUserFunction($_funcRef,$_params,$this);
+                       }
+               }
+       }
+
+       /**
         * Returns a link to the login screen with redirect to the front-end
         *
         * @return      string          HTML, a tag for a link to the backend.
@@ -2653,11 +2920,7 @@ if (version == "n3") {
                $titleChars = intval($this->config['config']['simulateStaticDocuments_addTitle']);
                $out = '';
                if ($titleChars)        {
-                       $out = $this->csConvObj->specCharsToASCII($this->renderCharset, $inTitle);
-                       $out= ereg_replace('[^[:alnum:]_-]','_',trim(substr($out,0,$titleChars)));
-                       $out= ereg_replace('_*$','',$out);
-                       $out= ereg_replace('^_*','',$out);
-                       if ($out)       $out.='.';
+                       $out = $this->fileNameASCIIPrefix($inTitle, $titleChars);
                }
                $enc = '';
                if (strcmp($addParams,'') && !$no_cache)        {
@@ -2666,7 +2929,7 @@ if (version == "n3") {
                                        $md5=substr(md5($addParams),0,10);
                                        $enc='+M5'.$md5;
 
-                                       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('md5hash', 'cache_md5params', 'md5hash="'.$GLOBALS['TYPO3_DB']->quoteStr($md5, 'cache_md5params').'"');
+                                       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('md5hash', 'cache_md5params', 'md5hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($md5, 'cache_md5params'));
                                        if (!$GLOBALS['TYPO3_DB']->sql_num_rows($res))  {
                                                $insertFields = array(
                                                        'md5hash' => $md5,
@@ -2732,6 +2995,25 @@ if (version == "n3") {
        }
 
        /**
+        * Converts input string to an ASCII based file name prefix
+        *
+        * @param       string          String to base output on
+        * @param       integer         Number of characters in the string
+        * @param       string          Character to put in the end of string to merge it with the next value.
+        * @return      string          String
+        */
+       function fileNameASCIIPrefix($inTitle,$titleChars,$mergeChar='.')       {
+               $out = $this->csConvObj->specCharsToASCII($this->renderCharset, $inTitle);
+               $out = ereg_replace('[^[:alnum:]_-]','_',trim(substr($out,0,$titleChars)));
+               $out = ereg_replace('[_-]*$','',$out);
+               $out = ereg_replace('^[_-]*','',$out);
+               $out = ereg_replace('([_-])[_-]*','\1',$out);
+               if (strlen($out))       $out.=$mergeChar;
+
+               return $out;
+       }
+
+       /**
         * Encryption of email addresses for <A>-tags See the spam protection setup in TS 'config.'
         *
         * @param       string          Input string to en/decode: "mailto:blabla@bla.com"
@@ -2839,6 +3121,23 @@ if (version == "n3") {
        }
 
        /**
+        * Prefixing the input URL with ->baseUrl If ->baseUrl is set and the input url is not absolute in some way.
+        * Designed as a wrapper functions for use with all frontend links that are processed by JavaScript (for "realurl" compatibility!). So each time a URL goes into window.open, document.location or otherwise, wrap it with this function!
+        *
+        * @param       string          Input URL, relative or absolute
+        * @return      string          Processed input value.
+        */
+       function baseUrlWrap($url)      {
+               if ($this->baseUrl)     {
+                       $urlParts = parse_url($url);
+                       if (!strlen($urlParts['scheme']) && $url{0}!=='/')      {
+                               $url = $this->baseUrl.$url;
+                       }
+               }
+               return $url;
+       }
+
+       /**
         * Prints error msg/header.
         * Echoes out the HTML content
         *
@@ -2859,7 +3158,7 @@ if (version == "n3") {
         * @access private
         */
        function updateMD5paramsRecord($hash)   {
-               $GLOBALS['TYPO3_DB']->exec_UPDATEquery('cache_md5params', 'md5hash="'.$GLOBALS['TYPO3_DB']->quoteStr($hash, 'cache_md5params').'"', array('tstamp' => time()));
+               $GLOBALS['TYPO3_DB']->exec_UPDATEquery('cache_md5params', 'md5hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($hash, 'cache_md5params'), array('tstamp' => time()));
        }
 
        /**
@@ -3235,9 +3534,9 @@ if (version == "n3") {
        /**
         * Converts input string from renderCharset to metaCharset IF the two charsets are different.
         *
-        * @param       string  Content to be converted.
-        * @param       string  Label (just for fun, no function)
-        * @return      string  Converted content string.
+        * @param       string          Content to be converted.
+        * @param       string          Label (just for fun, no function)
+        * @return      string          Converted content string.
         */
        function convOutputCharset($content,$label)     {
                if ($this->renderCharset != $this->metaCharset) {