Fixed bug #11937: Do not show E_DEPRECATED messages on productive systems
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_div.php
index a4165fc..76ed5ba 100644 (file)
@@ -624,7 +624,8 @@ final class t3lib_div {
                if (is_object($GLOBALS['LANG'])) {
                        return $GLOBALS['LANG']->csConvObj->crop($GLOBALS['LANG']->charSet, $string, $chars, $appendString);
                } elseif (is_object($GLOBALS['TSFE'])) {
-                       return $GLOBALS['TSFE']->csConvObj->crop($GLOBALS['TSFE']->renderCharset, $string, $chars, $appendString);
+                       $charSet = ($GLOBALS['TSFE']->renderCharset != '' ? $GLOBALS['TSFE']->renderCharset : $GLOBALS['TSFE']->defaultCharSet);
+                       return $GLOBALS['TSFE']->csConvObj->crop($charSet, $string, $chars, $appendString);
                } else {
                                // this case should not happen
                        $csConvObj = t3lib_div::makeInstance('t3lib_cs');
@@ -1755,7 +1756,13 @@ final class t3lib_div {
                }
 
                if ($limit != 0) {
-                       $result = array_slice($result, 0, $limit);
+                       if ($limit < 0) {
+                               $result = array_slice($result, 0, $limit);
+                       } elseif (count($result) > $limit) {
+                               $lastElements = array_slice($result, $limit - 1);
+                               $result = array_slice($result, 0, $limit - 1);
+                               $result[] = implode($delim, $lastElements);
+                       }
                }
 
                return $result;
@@ -1934,6 +1941,7 @@ final class t3lib_div {
                        } else {
                                $value = addslashes($value);
                        }
+                       unset($value);
                }
                reset($theArray);
        }
@@ -1955,6 +1963,7 @@ final class t3lib_div {
                        } else {
                                $value = stripslashes($value);
                        }
+                       unset($value);
                }
                reset($theArray);
        }
@@ -1988,8 +1997,8 @@ final class t3lib_div {
                        }
                }
        }
-       
-       
+
+
        /**
         * Merges two arrays recursively and "binary safe" (integer keys are
         * overridden as well), overruling similar values in the first array
@@ -2518,11 +2527,12 @@ final class t3lib_div {
                        $array = $firstLevelCache[$identifier];
                } else {
                                // look up in second level cache
-                       $array = $GLOBALS['typo3CacheManager']->getCache('cache_hash')->get($identifier);
+                       $cacheContent = t3lib_pageSelect::getHash($identifier, 0);
+                       $array = unserialize($cacheContent);
+
                        if ($array === false) {
                                $array = self::xml2arrayProcess($string, $NSprefix, $reportDocTag);
-                                       // store content in second level cache
-                               $GLOBALS['typo3CacheManager']->getCache('cache_hash')->set($identifier, $array, array('ident_xml2array'), 0);
+                               t3lib_pageSelect::storeHash($identifier, serialize($array), 'ident_xml2array');
                        }
                                // store content in first level cache
                        $firstLevelCache[$identifier] = $array;
@@ -2946,10 +2956,12 @@ final class t3lib_div {
        }
 
        /**
-        * Setting file system mode & group ownership of file
+        * Sets the file system mode and group ownership of file.
         *
-        * @param       string          Filepath of newly created file
-        * @return      void
+        * @param string $file
+        *               the path of an existing file, must not be escaped
+        *
+        * @return void
         */
        public static function fixPermissions($file)    {
                if (@is_file($file) && TYPO3_OS!='WIN') {
@@ -3089,18 +3101,20 @@ final class t3lib_div {
         * @return      array           Returns an array with the directory entries as values. If no path, the return value is nothing.
         */
        public static function get_dirs($path)  {
-               if ($path)      {
-                       $d = @dir($path);
-                       if (is_object($d))      {
-                               while(false !== ($entry=$d->read())) {
-                                       if (@is_dir($path.'/'.$entry) && $entry!= '..' && $entry!= '.') {
-                                               $filearray[]=$entry;
+               if ($path) {
+                       if (is_dir($path)) {
+                               $dir = scandir($path);
+                               $dirs = array();
+                               foreach ($dir as $entry) {
+                                       if (is_dir($path . '/' . $entry) && $entry != '..' && $entry != '.') {
+                                               $dirs[] = $entry;
                                        }
                                }
-                               $d->close();
-                       } else return 'error';
-                       return $filearray;
+                       } else {
+                               $dirs = 'error';
+                       }
                }
+               return $dirs;
        }
 
        /**
@@ -4150,6 +4164,49 @@ final class t3lib_div {
        }
 
        /**
+        * Checks if a given string is a valid frame URL to be loaded in the
+        * backend.
+        *
+        * @param string $url potential URL to check
+        *
+        * @return string either $url if $url is considered to be harmless, or an
+        *                empty string otherwise
+        */
+       public static function sanitizeLocalUrl($url = '') {
+               $sanitizedUrl = '';
+               $decodedUrl = rawurldecode($url);
+
+               if (!empty($url) && self::removeXSS($decodedUrl) === $decodedUrl) {
+                       $testAbsoluteUrl = self::resolveBackPath($decodedUrl);
+                       $testRelativeUrl = self::resolveBackPath(
+                               t3lib_div::dirname(t3lib_div::getIndpEnv('SCRIPT_NAME')) . '/' . $decodedUrl
+                       );
+
+                               // Pass if URL is on the current host:
+                       if (self::isValidUrl($decodedUrl)) {
+                               if (self::isOnCurrentHost($decodedUrl) && strpos($decodedUrl, self::getIndpEnv('TYPO3_SITE_URL')) === 0) {
+                                       $sanitizedUrl = $url;
+                               }
+                               // Pass if URL is an absolute file path:
+                       } elseif (self::isAbsPath($decodedUrl) && self::isAllowedAbsPath($decodedUrl)) {
+                               $sanitizedUrl = $url;
+                               // Pass if URL is absolute and below TYPO3 base directory:
+                       } elseif (strpos($testAbsoluteUrl, self::getIndpEnv('TYPO3_SITE_PATH')) === 0 && substr($decodedUrl, 0, 1) === '/') {
+                               $sanitizedUrl = $url;
+                               // Pass if URL is relative and below TYPO3 base directory:
+                       } elseif (strpos($testRelativeUrl, self::getIndpEnv('TYPO3_SITE_PATH')) === 0 && substr($decodedUrl, 0, 1) !== '/') {
+                               $sanitizedUrl = $url;
+                       }
+               }
+
+               if (!empty($url) && empty($sanitizedUrl)) {
+                       self::sysLog('The URL "' . $url . '" is not considered to be local and was denied.', 'Core', self::SYSLOG_SEVERITY_NOTICE);
+               }
+
+               return $sanitizedUrl;
+       }
+
+       /**
         * Moves $source file to $destination if uploaded, otherwise try to make a copy
         * Usage: 4
         *
@@ -4339,10 +4396,13 @@ final class t3lib_div {
         * @param       string          Input is a file-reference (see t3lib_div::getFileAbsFileName). That file is expected to be a 'locallang.php' file containing a $LOCAL_LANG array (will be included!) or a 'locallang.xml' file conataining a valid XML TYPO3 language structure.
         * @param       string          Language key
         * @param       string          Character set (option); if not set, determined by the language key
-        * @return      array           Value of $LOCAL_LANG found in the included file. If that array is found it's returned. Otherwise an empty array
+        * @param       integer         Error mode (when file could not be found): 0 - call debug(), 1 - do nothing, 2 - throw an exception
+        * @return      array           Value of $LOCAL_LANG found in the included file. If that array is found it  will returned.
+        *                                              Otherwise an empty array and it is FALSE in error case.
         */
-       public static function readLLfile($fileRef, $langKey, $charset='')      {
+       public static function readLLfile($fileRef, $langKey, $charset = '', $errorMode = 0)    {
 
+               $result = FALSE;
                $file = t3lib_div::getFileAbsFileName($fileRef);
                if ($file)      {
                        $baseFile = preg_replace('/\.(php|xml)$/', '', $file);
@@ -4358,18 +4418,28 @@ final class t3lib_div {
                                                $LOCAL_LANG = array('default'=>$LOCAL_LANG['default'], $langKey=>$LOCAL_LANG[$langKey]); }
                                }
                        } else {
-                               die('File "' . $fileRef. '" not found!');
+                               $errorMsg = 'File "' . $fileRef. '" not found!';
+                               if ($errorMode == 2) {
+                                       throw new t3lib_exception($errorMsg);
+                               } elseif(!$errorMode)   {
+                                       debug($errorMsg, 1);
+                               }
+                               $fileNotFound = TRUE;
                        }
-                       if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['locallangXMLOverride'][$fileRef])) {
-                               $languageOverrideFileName = t3lib_div::getFileAbsFileName($GLOBALS['TYPO3_CONF_VARS']['EXT']['locallangXMLOverride'][$fileRef]);
-                               if (@is_file($languageOverrideFileName)) {
-                                       $languageOverrideArray = t3lib_div::readLLXMLfile($languageOverrideFileName, $langKey, $charset);
-                                       $LOCAL_LANG = t3lib_div::array_merge_recursive_overrule($LOCAL_LANG, $languageOverrideArray);
+                       if (is_array($GLOBALS['TYPO3_CONF_VARS']['SYS']['locallangXMLOverride'][$fileRef])) {
+                               foreach ($GLOBALS['TYPO3_CONF_VARS']['SYS']['locallangXMLOverride'][$fileRef] as $overrideFile) {
+                                       $languageOverrideFileName = t3lib_div::getFileAbsFileName($overrideFile);
+                                       if (@is_file($languageOverrideFileName)) {
+                                               $languageOverrideArray = t3lib_div::readLLXMLfile($languageOverrideFileName, $langKey, $charset);
+                                               $LOCAL_LANG = t3lib_div::array_merge_recursive_overrule($LOCAL_LANG, $languageOverrideArray);
+                                       }
                                }
                        }
                }
-
-               return is_array($LOCAL_LANG) ? $LOCAL_LANG : array();
+               if ($fileNotFound !== TRUE)     {
+                       $result = is_array($LOCAL_LANG) ? $LOCAL_LANG : array();
+               }
+               return $result;
        }
 
        /**
@@ -5652,23 +5722,57 @@ final class t3lib_div {
                                $val = preg_replace('/(^"|"$)/','',$val);
                        }
                }
-               return $paramsArr;
+               // return reindexed array
+               return array_values($paramsArr);
+       }
+
+
+       /**
+        * Quotes a string for usage as JS parameter. Depends whether the value is
+        * used in script tags (it doesn't need/must not get htmlspecialchar'ed in
+        * this case).
+        *
+        * @param string $value the string to encode, may be empty
+        * @param boolean $withinCData
+        *        whether the escaped data is expected to be used as CDATA and thus
+        *        does not need to be htmlspecialchared
+        *
+        * @return string the encoded value already quoted (with single quotes),
+        *                will not be empty
+        */
+       static public function quoteJSvalue($value, $withinCData = false)       {
+               $escapedValue = addcslashes(
+                       $value, '\'' . '"' . '\\' . chr(9) . chr(10) . chr(13)
+               );
+               if (!$withinCData) {
+                       $escapedValue = htmlspecialchars($escapedValue);
+               }
+               return '\'' . $escapedValue . '\'';
+       }
+
+
+       /**
+        * Ends and cleans all output buffers
+        *
+        * @return      void
+        */
+       public static function cleanOutputBuffers() {
+               while (ob_get_level()) {
+                       ob_end_clean();
+               }
+               header('Content-Encoding: None', TRUE);
        }
 
 
        /**
-        * Quotes a string for usage as JS parameter. Depends wheter the value is used in script tags (it doesn't need/must not get htmlspecialchar'ed in this case)
+        *  Ends and flushes all output buffers
         *
-        * @param       string          The string to encode.
-        * @param       boolean         If the values get's used in <script> tags.
-        * @return      string          The encoded value already quoted
+        * @return      void
         */
-       public static function quoteJSvalue($value, $inScriptTags = false)      {
-               $value = addcslashes($value, '\''.'"'.chr(10).chr(13));
-               if (!$inScriptTags) {
-                       $value = htmlspecialchars($value);
+       public static function flushOutputBuffers() {
+               while (ob_get_level()) {
+                       ob_end_flush();
                }
-               return '\''.$value.'\'';
        }
 }