‪TYPO3CMS  10.4
LockedBackendGuard.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use Psr\Http\Message\ResponseInterface;
21 use Psr\Http\Message\ServerRequestInterface;
22 use Psr\Http\Server\MiddlewareInterface;
23 use Psr\Http\Server\RequestHandlerInterface;
31 
40 class ‪LockedBackendGuard implements MiddlewareInterface
41 {
49  public function ‪process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
50  {
51  try {
52  $redirectToUri = $this->‪checkLockedBackend();
53  if (!empty($redirectToUri)) {
54  return new ‪RedirectResponse($redirectToUri, 302);
55  }
56  } catch (‪BackendLockedException $e) {
57  // Looks like an AJAX request that can handle JSON, (usually from the timeout functionality)
58  // So, let's form a request that fits
59  if (strpos($request->getHeaderLine('Accept'), 'application/json') !== false) {
60  $session = [
61  'timed_out' => false,
62  'will_time_out' => false,
63  'locked' => true,
64  'message' => $e->getMessage()
65  ];
66  return new ‪JsonResponse(['login' => $session]);
67  }
68  throw $e;
69  }
71  $request->getAttribute('normalizedParams')->getRemoteAddress(),
72  trim((string)‪$GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])
73  );
74 
75  return $handler->handle($request);
76  }
77 
84  protected function ‪checkLockedBackend()
85  {
86  if (‪$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
87  throw new ‪BackendLockedException(
89  'Backend and Install Tool are locked for maintenance. [BE][adminOnly] is set to "' . (int)‪$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] . '".',
90  'TYPO3 Backend locked',
91  1517949794
92  );
93  }
94  if (@is_file(‪Environment::getLegacyConfigPath() . '/LOCK_BACKEND')) {
95  $fileContent = file_get_contents(‪Environment::getLegacyConfigPath() . '/LOCK_BACKEND');
96  if ($fileContent) {
97  return $fileContent;
98  }
99  throw new ‪BackendLockedException(
101  'Backend access by browser is locked for maintenance. Remove lock by removing the file "typo3conf/LOCK_BACKEND" or use CLI-scripts.',
102  'TYPO3 Backend locked',
103  1517949793
104  );
105  }
106 
107  return null;
108  }
109 
117  protected function ‪validateVisitorsIpAgainstIpMaskList(string $ipAddress, string $ipMaskList = '')
118  {
119  if ($ipMaskList !== '' && !GeneralUtility::cmpIP($ipAddress, $ipMaskList)) {
122  'The IP address of your client does not match the list of allowed IP addresses.',
123  'TYPO3 Backend access denied',
124  1517949792
125  );
126  }
127  }
128 }
‪TYPO3\CMS\Backend\Middleware
Definition: AdditionalResponseHeaders.php:18
‪TYPO3\CMS\Backend\Exception\BackendAccessDeniedException
Definition: BackendAccessDeniedException.php:23
‪TYPO3\CMS\Backend\Middleware\LockedBackendGuard
Definition: LockedBackendGuard.php:41
‪TYPO3\CMS\Backend\Middleware\LockedBackendGuard\validateVisitorsIpAgainstIpMaskList
‪validateVisitorsIpAgainstIpMaskList(string $ipAddress, string $ipMaskList='')
Definition: LockedBackendGuard.php:117
‪TYPO3\CMS\Backend\Exception\BackendLockedException
Definition: BackendLockedException.php:23
‪TYPO3\CMS\Backend\Middleware\LockedBackendGuard\checkLockedBackend
‪string null checkLockedBackend()
Definition: LockedBackendGuard.php:84
‪TYPO3\CMS\Core\Utility\HttpUtility\HTTP_STATUS_403
‪const HTTP_STATUS_403
Definition: HttpUtility.php:56
‪TYPO3\CMS\Core\Http\RedirectResponse
Definition: RedirectResponse.php:28
‪TYPO3\CMS\Core\Http\JsonResponse
Definition: JsonResponse.php:26
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Core\Core\Environment
Definition: Environment.php:40
‪TYPO3\CMS\Core\Utility\HttpUtility
Definition: HttpUtility.php:24
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Core\Core\Environment\getLegacyConfigPath
‪static string getLegacyConfigPath()
Definition: Environment.php:282
‪TYPO3\CMS\Backend\Middleware\LockedBackendGuard\process
‪ResponseInterface process(ServerRequestInterface $request, RequestHandlerInterface $handler)
Definition: LockedBackendGuard.php:49