Added feature #15621: Feature: TYPO3 misses page-option to force SSL oder Non-SSL...
[Packages/TYPO3.CMS.git] / typo3 / sysext / cms / tslib / class.tslib_fe.php
index 553835b..c1d5eda 100644 (file)
         * May exit after outputting an error message or some JavaScript redirecting to the install tool.
         *
         * @return      void
-        * @deprecated since TYPO3 3.8, this function will be removed in TYPO3 4.5, use connectToDB() instead!
+        * @deprecated since TYPO3 3.8, this function will be removed in TYPO3 4.6, use connectToDB() instead!
         */
        function connectToMySQL()       {
                t3lib_div::logDeprecatedFunction();
                        $this->pageNotFoundAndExit($pNotFoundMsg[$this->pageNotFound]);
                }
 
+               if ($this->page['url_scheme'] > 0) {
+                       $newUrl = '';
+                       $requestUrlScheme = parse_url(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'), PHP_URL_SCHEME);
+                       if ((int) $this->page['url_scheme'] === t3lib_utility_http::SCHEME_HTTP && $requestUrlScheme == 'https') {
+                               $newUrl = 'http://' . substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'), 8);
+                       } elseif ((int) $this->page['url_scheme'] === t3lib_utility_http::SCHEME_HTTPS && $requestUrlScheme == 'http') {
+                               $newUrl = 'https://' . substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'), 7);
+                       }
+                       if ($newUrl !== '') {
+                               if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+                                       $headerCode = t3lib_utility_Http::HTTP_STATUS_303;
+                               } else {
+                                       $headerCode = t3lib_utility_Http::HTTP_STATUS_301;
+                               }
+                               t3lib_utility_http::redirect($newUrl, $headerCode);
+                       }
+               }
                        // set no_cache if set
                if ($this->page['no_cache'])    {
                        $this->set_no_cache();
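Review bot: The added redirect answers every non-POST request with `HTTP_STATUS_301`, a permanent redirect that browsers and proxies may cache, although `url_scheme` is a page property an editor can switch back later; a temporary status would keep the setting reversible. The target is assembled from `t3lib_div::getIndpEnv('TYPO3_REQUEST_URL')`, which as far as I can tell reflects the client-supplied Host header, so the Location value is only as trustworthy as the host validation done before this point. In the `SCHEME_HTTP` branch an HTTPS visitor is sent to plain HTTP, and any session cookie set without the Secure attribute then travels unencrypted; a comment at that branch should say so. The class name is also written both as `t3lib_utility_http` and `t3lib_utility_Http` within these lines and should use one spelling. The enclosing function starts and ends outside the hunk.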
         * Get page shortcut; Finds the records pointed to by input value $SC (the shortcut value)
         *
         * @param       integer         The value of the "shortcut" field from the pages record
-        * @param       integer         The shortcut mode: 1 and 2 will select either first subpage or random subpage; the default is the page pointed to by $SC
+        * @param       integer         The shortcut mode: 1 will select first subpage, 2 a random subpage, 3 the parent page; default is the page pointed to by $SC
         * @param       integer         The current page UID of the page which is a shortcut
         * @param       integer         Safety feature which makes sure that the function is calling itself recursively max 20 times (since this function can find shortcuts to other shortcuts to other shortcuts...)
         * @param       array           An array filled with previous page uids tested by the function - new page uids are evaluated against this to avoid going in circles.
                                        $c++;
                                }
                        break;
+                       case 3:
+                               $parent = $this->sys_page->getPage($thisUid);
+                               $page = $this->sys_page->getPage($parent['pid']);
+                       break;
                        default:
                                $page = $this->sys_page->getPage($idArray[0]);
                        break;
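Review bot: The new `case 3:` reads `$parent['pid']` without checking that `getPage($thisUid)` returned a record, and for a page directly under the tree root the pid is 0, so the second `getPage()` call presumably comes back empty. If the code after the switch already treats an empty `$page` as an error, a comment such as `// pid 0 or an inaccessible parent leaves $page empty; handled after the switch` is enough; otherwise guard the second lookup with `if (!empty($parent['pid']))`. The switch statement begins and ends outside the hunk, so the handling of an empty `$page` cannot be confirmed from here.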
        function jumpUrl()      {
                if ($this->jumpurl)     {
                        if (t3lib_div::_GP('juSecure')) {
-                               $locationData = t3lib_div::_GP('locationData');
-                               $mimeType = t3lib_div::_GP('mimeType');
+                               $locationData = (string)t3lib_div::_GP('locationData');
+                               $mimeType = (string)t3lib_div::_GP('mimeType');  // Need a type cast here because mimeType is optional!
 
                                $hArr = array(
                                        $this->jumpurl,
-                                       t3lib_div::_GP('locationData'),
-                                       t3lib_div::_GP('mimeType'),
-                                       $this->TYPO3_CONF_VARS['SYS']['encryptionKey']
+                                       $locationData,
+                                       $mimeType
                                );
-                               $calcJuHash=t3lib_div::shortMD5(serialize($hArr));
-                               $juHash = t3lib_div::_GP('juHash');
-                               if ($juHash == $calcJuHash)     {
+                               $calcJuHash = t3lib_div::hmac(serialize($hArr));
+                               $juHash = (string)t3lib_div::_GP('juHash');
+                               if ($juHash === $calcJuHash)    {
                                        if ($this->locDataCheck($locationData)) {
                                                $this->jumpurl = rawurldecode($this->jumpurl);  // 211002 - goes with cObj->filelink() rawurlencode() of filenames so spaces can be allowed.
                                                        // Deny access to files that match TYPO3_CONF_VARS[SYS][fileDenyPattern] and whose parent directory is typo3conf/ (there could be a backup file in typo3conf/ which does not match against the fileDenyPattern)
-                                               if (t3lib_div::verifyFilenameAgainstDenyPattern($this->jumpurl) && basename(dirname($this->jumpurl)) !== 'typo3conf') {
-                                                       if (@is_file($this->jumpurl)) {
+                                               $absoluteFileName = t3lib_div::getFileAbsFileName(t3lib_div::resolveBackPath($this->jumpurl), FALSE);
+                                               if (t3lib_div::isAllowedAbsPath($absoluteFileName) && t3lib_div::verifyFilenameAgainstDenyPattern($absoluteFileName) && !t3lib_div::isFirstPartOfStr($absoluteFileName, PATH_site . 'typo3conf')) {
+                                                       if (@is_file($absoluteFileName)) {
                                                                $mimeType = $mimeType ? $mimeType : 'application/octet-stream';
                                                                header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
                                                                header('Content-Type: '.$mimeType);
-                                                               header('Content-Disposition: attachment; filename='.basename($this->jumpurl));
-                                                               readfile($this->jumpurl);
+                                                               header('Content-Disposition: attachment; filename="'.basename($absoluteFileName) . '"');
+                                                               readfile($absoluteFileName);
                                                                exit;
                                                        } else die('jumpurl Secure: "'.$this->jumpurl.'" was not a valid file!');
-                                               } else die('jumpurl Secure: The requested file type was not allowed to be accessed through jumpUrl (fileDenyPattern)!');
+                                               } else die('jumpurl Secure: The requested file was not allowed to be accessed through jumpUrl (path or file not allowed)!');
                                        } else die('jumpurl Secure: locationData, '.$locationData.', was not accessible.');
                                } else die('jumpurl Secure: Calculated juHash did not match the submitted juHash.');
                        } else {
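Review bot: The hash check `if ($juHash === $calcJuHash)` compares the HMAC with an ordinary string comparison, which stops at the first differing byte; a constant-time comparison (`hash_equals()` on PHP versions that provide it, or a small XOR-accumulate helper otherwise) avoids leaking how much of a submitted hash matched. The new `Content-Disposition` header wraps `basename($absoluteFileName)` in double quotes but does not escape a `"` or backslash inside the name, so such a filename would yield a malformed header. `resolveBackPath()` is presumably a string-level normalisation, so the `PATH_site . 'typo3conf'` prefix test would not see through a symlink inside the site root; if that matters for this installation layout, run the test on `realpath()` output instead. jumpUrl() continues past the end of the hunk.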
@@ -3964,10 +3985,12 @@ if (version == "n3") {
         * @param       boolean         The "no_cache" status of the link.
         * @return      string          The body of the filename.
         * @see getSimulFileName(), t3lib_tstemplate::linkData(), tslib_frameset::frameParams()
-        * @deprecated since TYPO3 4.3, will be removed in TYPO3 4.5, please use the "simulatestatic" sysext directly
+        * @deprecated since TYPO3 4.3, will be removed in TYPO3 4.6, please use the "simulatestatic" sysext directly
         * @todo        Deprecated but still used in the Core!
         */
        function makeSimulFileName($inTitle, $page, $type, $addParams = '', $no_cache = false) {
+               t3lib_div::logDeprecatedFunction();
+
                if (t3lib_extMgm::isLoaded('simulatestatic')) {
                        $parameters = array(
                                'inTitle' => $inTitle,
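Review bot: `t3lib_div::logDeprecatedFunction()` is now called at the top of `makeSimulFileName()` although its doc comment still carries `@todo Deprecated but still used in the Core!`, so core's own calls will presumably write a deprecation entry every time they run. The same applies to `getSimulFileName()` in the hunk at -4013, which additionally delegates to `makeSimulFileName()` and therefore logs twice per call. Either migrate the remaining core callers first, or state in the doc comment that entries caused by core callers are expected until then. The body of makeSimulFileName() runs past the end of the hunk.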
@@ -3992,7 +4015,7 @@ if (version == "n3") {
         * @param       string          Query string to analyse
         * @return      array           Two num keys returned, first is the parameters that MAY be encoded, second is the non-encodable parameters.
         * @see makeSimulFileName(), t3lib_tstemplate::linkData()
-        * @deprecated since TYPO3 4.3, will be removed in TYPO3 4.5, please use the "simulatestatic" sysext directly
+        * @deprecated since TYPO3 4.3, will be removed in TYPO3 4.6, please use the "simulatestatic" sysext directly
         */
        function simulateStaticDocuments_pEnc_onlyP_proc($linkVars)     {
                t3lib_div::logDeprecatedFunction();
@@ -4013,10 +4036,12 @@ if (version == "n3") {
         *
         * @return      string          The filename (without path)
         * @see makeSimulFileName(), publish.php
-        * @deprecated since TYPO3 4.3, will be removed in TYPO3 4.5, please use the "simulatestatic" sysext directly
+        * @deprecated since TYPO3 4.3, will be removed in TYPO3 4.6, please use the "simulatestatic" sysext directly
         * @todo        Deprecated but still used in the Core!
         */
        function getSimulFileName()     {
+               t3lib_div::logDeprecatedFunction();
+
                return $this->makeSimulFileName(
                        $this->page['title'],
                        ($this->page['alias'] ? $this->page['alias'] : $this->id),
@@ -4028,7 +4053,7 @@ if (version == "n3") {
         * Checks and sets replacement character for simulateStaticDocuments. Default is underscore.
         *
         * @return      void
-        * @deprecated since TYPO3 4.3, will be removed in TYPO3 4.5, please use the "simulatestatic" sysext directly
+        * @deprecated since TYPO3 4.3, will be removed in TYPO3 4.6, please use the "simulatestatic" sysext directly
         */
        function setSimulReplacementChar() {
                t3lib_div::logDeprecatedFunction();
@@ -4051,7 +4076,7 @@ if (version == "n3") {
         * @param       integer         Number of characters in the string
         * @param       string          Character to put in the end of string to merge it with the next value.
         * @return      string          String
-        * @deprecated since TYPO3, 4.3, will be removed in TYPO3 4.5, please use the "simulatestatic" sysext directly
+        * @deprecated since TYPO3, 4.3, will be removed in TYPO3 4.6, please use the "simulatestatic" sysext directly
         * @todo        Deprecated but still used in the Core!
         */
        function fileNameASCIIPrefix($inTitle,$titleChars,$mergeChar='.')       {
@@ -4222,6 +4247,7 @@ if (version == "n3") {
                        $this->content = str_replace('"' . TYPO3_mainDir . 'ext/', '"' . $this->absRefPrefix . TYPO3_mainDir . 'ext/', $this->content);
                        $this->content = str_replace('"' . TYPO3_mainDir . 'sysext/' , '"' . $this->absRefPrefix . TYPO3_mainDir . 'sysext/', $this->content);
                        $this->content = str_replace('"'.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '"'.$this->absRefPrefix.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], $this->content);
+                       $this->content = str_replace('"' . $GLOBALS['TYPO3_CONF_VARS']['BE']['RTE_imageStorageDir'], '"' . $this->absRefPrefix . $GLOBALS['TYPO3_CONF_VARS']['BE']['RTE_imageStorageDir'], $this->content);
                        // Process additional directories
                        $directories = t3lib_div::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['FE']['additionalAbsRefPrefixDirectories'], true);
                        foreach ($directories as $directory) {
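Review bot: The added `str_replace()` for `RTE_imageStorageDir` has no guard for an empty or unset setting: in that case the search string is a bare `"` and every double quote in `$this->content` gets `$this->absRefPrefix` appended, corrupting the whole page. Wrap the line in `if (!empty($GLOBALS['TYPO3_CONF_VARS']['BE']['RTE_imageStorageDir'])) { ... }`. The `fileadminDir` line directly above has the same exposure. The surrounding block begins outside the hunk.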
@@ -4554,7 +4580,7 @@ if (version == "n3") {
         * Seeds the random number engine.
         *
         * @return      void
-        * @deprecated since TYPO3 4.3, this function will be removed in TYPO3 4.5, the random number generator is seeded automatically since PHP 4.2.0
+        * @deprecated since TYPO3 4.3, this function will be removed in TYPO3 4.6, the random number generator is seeded automatically since PHP 4.2.0
         */
        function make_seed() {
                t3lib_div::logDeprecatedFunction();