‪TYPO3CMS  10.4
PageArgumentValidator.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use Psr\Http\Message\ResponseInterface;
21 use Psr\Http\Message\ServerRequestInterface;
22 use Psr\Http\Server\MiddlewareInterface;
23 use Psr\Http\Server\RequestHandlerInterface;
24 use Psr\Log\LoggerAwareInterface;
25 use Psr\Log\LoggerAwareTrait;
34 
38 class ‪PageArgumentValidator implements MiddlewareInterface, LoggerAwareInterface
39 {
40  use LoggerAwareTrait;
41 
47  protected ‪$cacheHashCalculator;
48 
52  protected ‪$timeTracker;
53 
57  protected ‪$disableCache = false;
58 
59  public function ‪__construct(
62  ) {
63  $this->cacheHashCalculator = ‪$cacheHashCalculator;
64  $this->timeTracker = ‪$timeTracker;
65  }
66 
74  public function ‪process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
75  {
76  $this->disableCache = (bool)$request->getAttribute('noCache', false);
77  $pageNotFoundOnValidationError = (bool)(‪$GLOBALS['TYPO3_CONF_VARS']['FE']['pageNotFoundOnCHashError'] ?? true);
79  $pageArguments = $request->getAttribute('routing', null);
80  if (!($pageArguments instanceof ‪PageArguments)) {
81  // Page Arguments must be set in order to validate. This middleware only works if PageArguments
82  // is available, and is usually combined with the Page Resolver middleware
83  return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
84  $request,
85  'Page Arguments could not be resolved',
87  );
88  }
89  if (‪$GLOBALS['TYPO3_CONF_VARS']['FE']['disableNoCacheParameter'] ?? true) {
90  $cachingDisabledByRequest = false;
91  } else {
92  $cachingDisabledByRequest = $pageArguments->getArguments()['no_cache'] ?? $request->getParsedBody()['no_cache'] ?? false;
93  }
94  if (($cachingDisabledByRequest || $this->disableCache) && !$pageNotFoundOnValidationError) {
95  // No need to test anything if caching was already disabled.
96  return $handler->handle($request);
97  }
98  // Evaluate the cache hash parameter or dynamic arguments when coming from a Site-based routing
99  $cHash = (string)($pageArguments->getArguments()['cHash'] ?? '');
100  ‪$queryParams = $pageArguments->getDynamicArguments();
101  if ($cHash !== '' || !empty(‪$queryParams)) {
102  $relevantParametersForCacheHashArgument = $this->getRelevantParametersForCacheHashCalculation($pageArguments);
103  if ($cHash !== '') {
104  if (empty($relevantParametersForCacheHashArgument)) {
105  // cHash was given, but nothing to be calculated, so let's do a redirect to the current page
106  // but without the cHash
107  $this->logger->notice('The incoming cHash "' . $cHash . '" is given but not needed. cHash is unset');
108  $uri = $request->getUri();
109  unset(‪$queryParams['cHash']);
110  $uri = $uri->withQuery(‪HttpUtility::buildQueryString(‪$queryParams));
111  return new ‪RedirectResponse($uri, 308);
112  }
113  if (!$this->‪evaluateCacheHashParameter($cHash, $relevantParametersForCacheHashArgument, $pageNotFoundOnValidationError)) {
114  return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
115  $request,
116  'Request parameters could not be validated (&cHash comparison failed)',
118  );
119  }
120  // No cHash given but was required
121  } elseif (!$this->‪evaluatePageArgumentsWithoutCacheHash($pageArguments, $pageNotFoundOnValidationError)) {
122  return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
123  $request,
124  'Request parameters could not be validated (&cHash empty)',
126  );
127  }
128  }
129 
130  $request = $request->withAttribute('noCache', $this->disableCache);
131  return $handler->handle($request);
132  }
133 
140  protected function getRelevantParametersForCacheHashCalculation(‪PageArguments $pageArguments): array
141  {
142  ‪$queryParams = $pageArguments->getDynamicArguments();
143  ‪$queryParams['id'] = $pageArguments->‪getPageId();
144  return $this->cacheHashCalculator->getRelevantParameters(‪HttpUtility::buildQueryString(‪$queryParams));
145  }
146 
156  protected function ‪evaluateCacheHashParameter(string $cHash, array $relevantParameters, bool $pageNotFoundOnCacheHashError): bool
157  {
158  $calculatedCacheHash = $this->cacheHashCalculator->calculateCacheHash($relevantParameters);
159  if (hash_equals($calculatedCacheHash, $cHash)) {
160  return true;
161  }
162  // Early return to trigger the error controller
163  if ($pageNotFoundOnCacheHashError) {
164  return false;
165  }
166  // Caching is disabled now (but no 404)
167  $this->disableCache = true;
168  $this->timeTracker->setTSlogMessage('The incoming cHash "' . $cHash . '" and calculated cHash "' . $calculatedCacheHash . '" did not match, so caching was disabled. The fieldlist used was "' . implode(',', array_keys($relevantParameters)) . '"', 2);
169  return true;
170  }
171 
181  protected function ‪evaluateQueryParametersWithoutCacheHash(array $dynamicArguments, bool $pageNotFoundOnCacheHashError): bool
182  {
183  if (!$this->cacheHashCalculator->doParametersRequireCacheHash(‪HttpUtility::buildQueryString($dynamicArguments))) {
184  return true;
185  }
186  // cHash is required, but not given, so trigger a 404
187  if ($pageNotFoundOnCacheHashError) {
188  return false;
189  }
190  // Caching is disabled now (but no 404)
191  $this->disableCache = true;
192  $this->timeTracker->setTSlogMessage('TSFE->reqCHash(): No &cHash parameter was sent for GET vars though required so caching is disabled', 2);
193  return true;
194  }
195 
202  protected function ‪evaluatePageArgumentsWithoutCacheHash(PageArguments $pageArguments, bool $pageNotFoundOnCacheHashError): bool
203  {
204  // legacy behaviour
205  if (!(‪$GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash']['enforceValidation'] ?? false)) {
206  return $this->‪evaluateQueryParametersWithoutCacheHash($pageArguments->getDynamicArguments(), $pageNotFoundOnCacheHashError);
207  }
208  $relevantParameters = $this->getRelevantParametersForCacheHashCalculation($pageArguments);
209  // There are parameters that would be needed for the current page, but no cHash is given.
210  // Thus, a "page not found" error is thrown - as configured via "pageNotFoundOnCHashError".
211  if (!empty($relevantParameters) && $pageNotFoundOnCacheHashError) {
212  return false;
213  }
214  // There are no parameters that require a cHash.
215  // We end up here when the site was called with an `id` param, e.g. https://example.org/index?id=123.
216  // Avoid disabling caches in this case.
217  if (empty($relevantParameters)) {
218  return true;
219  }
220  // Caching is disabled now (but no 404)
221  $this->disableCache = true;
222  $this->timeTracker->setTSlogMessage('No &cHash parameter was sent for given query parameters, so caching is disabled', 2);
223  return true;
224  }
225 }
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator\evaluateQueryParametersWithoutCacheHash
‪bool evaluateQueryParametersWithoutCacheHash(array $dynamicArguments, bool $pageNotFoundOnCacheHashError)
Definition: PageArgumentValidator.php:178
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator\__construct
‪__construct(CacheHashCalculator $cacheHashCalculator, TimeTracker $timeTracker)
Definition: PageArgumentValidator.php:56
‪TYPO3\CMS\Core\Routing\PageArguments
Definition: PageArguments.php:26
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator\$cacheHashCalculator
‪CacheHashCalculator $cacheHashCalculator
Definition: PageArgumentValidator.php:46
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator\evaluatePageArgumentsWithoutCacheHash
‪evaluatePageArgumentsWithoutCacheHash(PageArguments $pageArguments, bool $pageNotFoundOnCacheHashError)
Definition: PageArgumentValidator.php:199
‪TYPO3\CMS\Frontend\Page\PageAccessFailureReasons\INVALID_PAGE_ARGUMENTS
‪const INVALID_PAGE_ARGUMENTS
Definition: PageAccessFailureReasons.php:36
‪TYPO3\CMS\Frontend\Page\PageAccessFailureReasons\CACHEHASH_EMPTY
‪const CACHEHASH_EMPTY
Definition: PageAccessFailureReasons.php:38
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator\process
‪ResponseInterface process(ServerRequestInterface $request, RequestHandlerInterface $handler)
Definition: PageArgumentValidator.php:71
‪TYPO3\CMS\Frontend\Controller\ErrorController
Definition: ErrorController.php:38
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator\evaluateCacheHashParameter
‪bool evaluateCacheHashParameter(string $cHash, array $relevantParameters, bool $pageNotFoundOnCacheHashError)
Definition: PageArgumentValidator.php:153
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator\$disableCache
‪bool $disableCache
Definition: PageArgumentValidator.php:54
‪TYPO3\CMS\Frontend\Middleware
Definition: BackendUserAuthenticator.php:18
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator
Definition: PageArgumentValidator.php:39
‪TYPO3\CMS\Core\Utility\HttpUtility\buildQueryString
‪static string buildQueryString(array $parameters, string $prependCharacter='', bool $skipEmptyParameters=false)
Definition: HttpUtility.php:163
‪TYPO3\CMS\Core\Http\RedirectResponse
Definition: RedirectResponse.php:28
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Frontend\Page\PageAccessFailureReasons\CACHEHASH_COMPARISON_FAILED
‪const CACHEHASH_COMPARISON_FAILED
Definition: PageAccessFailureReasons.php:37
‪TYPO3\CMS\Frontend\Page\CacheHashCalculator
Definition: CacheHashCalculator.php:25
‪TYPO3\CMS\Core\Utility\HttpUtility
Definition: HttpUtility.php:24
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator\$timeTracker
‪TimeTracker $timeTracker
Definition: PageArgumentValidator.php:50
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Core\TimeTracker\TimeTracker
Definition: TimeTracker.php:30
‪TYPO3\CMS\Core\Routing\PageArguments\getPageId
‪int getPageId()
Definition: PageArguments.php:111
‪TYPO3\CMS\Frontend\Page\PageAccessFailureReasons
Definition: PageAccessFailureReasons.php:25
‪TYPO3\CMS\Frontend\Middleware\PageArgumentValidator\$queryParams
‪$queryParams['id']
Definition: PageArgumentValidator.php:140