9.5/_normalized_params_8php_source.html

<?php

declare(strict_types = 1);

namespace ‪TYPO3\CMS\Core\Http;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use ‪TYPO3\CMS\Core\Core\Environment;

use ‪TYPO3\CMS\Core\Utility\GeneralUtility;


class ‪NormalizedParams

{

    protected ‪$httpHost = '';


    protected ‪$isHttps = false;


    protected ‪$requestHost = '';


    protected ‪$requestHostOnly = '';


    protected ‪$requestPort = 0;


    protected ‪$scriptName = '';


    protected ‪$requestUri = '';


    protected ‪$requestUrl = '';


    protected ‪$requestScript = '';


    protected ‪$requestDir = '';


    protected ‪$isBehindReverseProxy = false;


    protected ‪$remoteAddress = '';


    protected ‪$scriptFilename = '';


    protected ‪$documentRoot = '';


    protected ‪$siteUrl = '';


    protected ‪$sitePath = '';


    protected ‪$siteScript = '';


    protected ‪$pathInfo = '';


    protected ‪$httpReferer = '';


    protected ‪$httpUserAgent = '';


    protected ‪$httpAcceptEncoding = '';


    protected ‪$httpAcceptLanguage = '';


    protected ‪$remoteHost = '';


    protected ‪$queryString = '';


    public function ‪__construct(array $serverParams, array $configuration, string $pathThisScript, string $pathSite)

    {

        ‪$isBehindReverseProxy = $this->‪isBehindReverseProxy = ‪self::determineIsBehindReverseProxy($serverParams, $configuration);

        ‪$httpHost = $this->httpHost = ‪self::determineHttpHost($serverParams, $configuration, ‪$isBehindReverseProxy);

        ‪$isHttps = $this->‪isHttps = ‪self::determineHttps($serverParams, $configuration);

        ‪$requestHost = $this->requestHost = (‪$isHttps ? 'https://' : 'http://') . ‪$httpHost;

        ‪$requestHostOnly = $this->requestHostOnly = ‪self::determineRequestHostOnly(‪$httpHost);

        $this->requestPort = ‪self::determineRequestPort(‪$httpHost, ‪$requestHostOnly);

        ‪$scriptName = $this->scriptName = ‪self::determineScriptName($serverParams, $configuration, ‪$isHttps, ‪$isBehindReverseProxy);

        ‪$requestUri = $this->requestUri = ‪self::determineRequestUri($serverParams, $configuration, ‪$isHttps, ‪$scriptName, ‪$isBehindReverseProxy);

        ‪$requestUrl = $this->requestUrl = ‪$requestHost . ‪$requestUri;

        $this->requestScript = ‪$requestHost . ‪$scriptName;

        ‪$requestDir = $this->requestDir = ‪$requestHost . GeneralUtility::dirname(‪$scriptName) . '/';

        $this->remoteAddress = ‪self::determineRemoteAddress($serverParams, $configuration, ‪$isBehindReverseProxy);

        ‪$scriptFilename = $this->scriptFilename = $pathThisScript;

        $this->documentRoot = ‪self::determineDocumentRoot(‪$scriptName, ‪$scriptFilename);

        ‪$siteUrl = $this->siteUrl = ‪self::determineSiteUrl(‪$requestDir, $pathThisScript, $pathSite . '/');

        $this->sitePath = ‪self::determineSitePath(‪$requestHost, ‪$siteUrl);

        $this->siteScript = ‪self::determineSiteScript(‪$requestUrl, ‪$siteUrl);


        // @deprecated Below variables can be fully deprecated as soon as core does not use them anymore

        $this->pathInfo = $serverParams['PATH_INFO'] ?? '';

        $this->httpReferer = $serverParams['HTTP_REFERER'] ?? '';

        $this->httpUserAgent = $serverParams['HTTP_USER_AGENT'] ?? '';

        $this->httpAcceptEncoding = $serverParams['HTTP_ACCEPT_ENCODING'] ?? '';

        $this->httpAcceptLanguage = $serverParams['HTTP_ACCEPT_LANGUAGE'] ?? '';

        $this->remoteHost = $serverParams['REMOTE_HOST'] ?? '';

        $this->queryString = $serverParams['QUERY_STRING'] ?? '';

    }


    public function ‪getHttpHost(): string

    {

        return ‪$this->httpHost;

    }


    public function ‪isHttps(): bool

    {

        return ‪$this->isHttps;

    }


    public function ‪getRequestHost(): string

    {

        return ‪$this->requestHost;

    }


    public function ‪getRequestHostOnly(): string

    {

        return ‪$this->requestHostOnly;

    }


    public function ‪getRequestPort(): int

    {

        return ‪$this->requestPort;

    }


    public function ‪getScriptName(): string

    {

        return ‪$this->scriptName;

    }


    public function ‪getRequestUri(): string

    {

        return ‪$this->requestUri;

    }


    public function ‪getRequestUrl(): string

    {

        return ‪$this->requestUrl;

    }


    public function ‪getRequestScript(): string

    {

        return ‪$this->requestScript;

    }


    public function ‪getRequestDir(): string

    {

        return ‪$this->requestDir;

    }


    public function ‪isBehindReverseProxy(): bool

    {

        return ‪$this->isBehindReverseProxy;

    }


    public function ‪getRemoteAddress(): string

    {

        return ‪$this->remoteAddress;

    }


    public function ‪getScriptFilename(): string

    {

        return ‪$this->scriptFilename;

    }


    public function ‪getDocumentRoot(): string

    {

        return ‪$this->documentRoot;

    }


    public function ‪getSiteUrl(): string

    {

        return ‪$this->siteUrl;

    }


    public function ‪getSitePath(): string

    {

        return ‪$this->sitePath;

    }


    public function ‪getSiteScript(): string

    {

        return ‪$this->siteScript;

    }


    public function ‪getPathInfo(): string

    {

        return ‪$this->pathInfo;

    }


    public function ‪getHttpReferer(): string

    {

        return ‪$this->httpReferer;

    }


    public function ‪getHttpUserAgent(): string

    {

        return ‪$this->httpUserAgent;

    }


    public function ‪getHttpAcceptEncoding(): string

    {

        return ‪$this->httpAcceptEncoding;

    }


    public function ‪getHttpAcceptLanguage(): string

    {

        return ‪$this->httpAcceptLanguage;

    }


    public function ‪getRemoteHost(): string

    {

        return ‪$this->remoteHost;

    }


    public function ‪getQueryString(): string

    {

        return ‪$this->queryString;

    }


    protected static function ‪determineHttpHost(array $serverParams, array $configuration, bool ‪$isBehindReverseProxy): string

    {

        ‪$httpHost = $serverParams['HTTP_HOST'] ?? '';

        if (‪$isBehindReverseProxy) {

            // If the request comes from a configured proxy which has set HTTP_X_FORWARDED_HOST, then

            // evaluate reverseProxyHeaderMultiValue and

            $xForwardedHostArray = GeneralUtility::trimExplode(',', $serverParams['HTTP_X_FORWARDED_HOST'] ?? '', true);

            $xForwardedHost = '';

            // Choose which host in list to use

            if (!empty($xForwardedHostArray)) {

                $configuredReverseProxyHeaderMultiValue = trim($configuration['reverseProxyHeaderMultiValue'] ?? '');

                // Default if reverseProxyHeaderMultiValue is not set or set to 'none', instead of 'first' / 'last' is to

                // ignore $serverParams['HTTP_X_FORWARDED_HOST']

                // @todo: Maybe this default is stupid: Both SYS/reverseProxyIP hand SYS/reverseProxyHeaderMultiValue have to

                // @todo: be configured for a working setup. It would be easier to only configure SYS/reverseProxyIP and fall

                // @todo: back to "first" if SYS/reverseProxyHeaderMultiValue is not set.

                if ($configuredReverseProxyHeaderMultiValue === 'last') {

                    $xForwardedHost = array_pop($xForwardedHostArray);

                } elseif ($configuredReverseProxyHeaderMultiValue === 'first') {

                    $xForwardedHost = array_shift($xForwardedHostArray);

                }

            }

            if ($xForwardedHost) {

                ‪$httpHost = $xForwardedHost;

            }

        }

        if (!GeneralUtility::isAllowedHostHeaderValue(‪$httpHost)) {

            throw new \UnexpectedValueException(

                'The current host header value does not match the configured trusted hosts pattern!'

                . ' Check the pattern defined in $GLOBALS[\'TYPO3_CONF_VARS\'][\'SYS\'][\'trustedHostsPattern\']'

                . ' and adapt it, if you want to allow the current host header \'' . ‪$httpHost . '\' for your installation.',

                1396795886

            );

        }

        return $httpHost;

    }


    protected static function determineHttps(array $serverParams, array $configuration): bool

    {

        $isHttps = false;

        $configuredProxySSL = trim($configuration['reverseProxySSL'] ?? '');

        if ($configuredProxySSL === '*') {

            $configuredProxySSL = trim($configuration['reverseProxyIP'] ?? '');

        }

        $httpsParam = (string)($serverParams['HTTPS'] ?? '');

        if (GeneralUtility::cmpIP(trim($serverParams['REMOTE_ADDR'] ?? ''), $configuredProxySSL)

            || ($serverParams['SSL_SESSION_ID'] ?? '')

            // https://secure.php.net/manual/en/reserved.variables.server.php

            // "Set to a non-empty value if the script was queried through the HTTPS protocol."

            || ($httpsParam !== '' && $httpsParam !== 'off' && $httpsParam !== '0')

        ) {

            $isHttps = true;

        }

        return $isHttps;

    }


    protected static function determineScriptName(array $serverParams, array $configuration, bool $isHttps, bool $isBehindReverseProxy): string

    {

        // see https://forge.typo3.org/issues/89312

        // When using a CGI wrapper to dispatch the PHP process `ORIG_SCRIPT_NAME`

        // contains the name of the wrapper script (which is most probably outside

        // the TYPO3's project root) and leads to invalid prefixes, e.g. resolving

        // the `siteUrl` incorrectly as `http://ip10.local/fcgi/` instead of

        // actual `http://ip10.local/`

        $possiblePathInfo = ($serverParams['ORIG_PATH_INFO'] ?? '') ?: ($serverParams['PATH_INFO'] ?? '');

        $possibleScriptName = ($serverParams['ORIG_SCRIPT_NAME'] ?? '') ?: ($serverParams['SCRIPT_NAME'] ?? '');

        ‪$scriptName = ‪Environment::isRunningOnCgiServer() && $possiblePathInfo

            ? $possiblePathInfo

            : $possibleScriptName;

        if (‪$isBehindReverseProxy) {

            // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix

            if (‪$isHttps && !empty($configuration['reverseProxyPrefixSSL'])) {

                ‪$scriptName = $configuration['reverseProxyPrefixSSL'] . ‪$scriptName;

            } elseif (!empty($configuration['reverseProxyPrefix'])) {

                ‪$scriptName = $configuration['reverseProxyPrefix'] . ‪$scriptName;

            }

        }

        return ‪$scriptName;

    }


    protected static function ‪determineRequestUri(array $serverParams, array $configuration, bool ‪$isHttps, string ‪$scriptName, bool ‪$isBehindReverseProxy): string

    {

        $proxyPrefixApplied = false;

        if (!empty($configuration['requestURIvar'])) {

            // This is for URL rewriter that store the original URI in a server

            // variable (e.g. ISAPI Rewriter for IIS: HTTP_X_REWRITE_URL), a config then looks like:

            // requestURIvar = '_SERVER|HTTP_X_REWRITE_URL' which will access $GLOBALS['_SERVER']['HTTP_X_REWRITE_URL']

            list($firstLevel, $secondLevel) = GeneralUtility::trimExplode('|', $configuration['requestURIvar'], true);

            ‪$requestUri = ‪$GLOBALS[$firstLevel][$secondLevel];

        } elseif (empty($serverParams['REQUEST_URI'])) {

            // This is for ISS/CGI which does not have the REQUEST_URI available.

            ‪$queryString = !empty($serverParams['QUERY_STRING']) ? '?' . $serverParams['QUERY_STRING'] : '';

            // script name already had the proxy prefix handling, we must not add it a second time

            $proxyPrefixApplied = true;

            ‪$requestUri = '/' . ltrim(‪$scriptName, '/') . ‪$queryString;

        } else {

            ‪$requestUri = '/' . ltrim($serverParams['REQUEST_URI'], '/');

        }

        if (!$proxyPrefixApplied && ‪$isBehindReverseProxy) {

            // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix

            if (‪$isHttps && !empty($configuration['reverseProxyPrefixSSL'])) {

                ‪$requestUri = $configuration['reverseProxyPrefixSSL'] . ‪$requestUri;

            } elseif (!empty($configuration['reverseProxyPrefix'])) {

                ‪$requestUri = $configuration['reverseProxyPrefix'] . ‪$requestUri;

            }

        }

        return ‪$requestUri;

    }


    protected static function ‪determineRemoteAddress(array $serverParams, array $configuration, bool ‪$isBehindReverseProxy): string

    {

        ‪$remoteAddress = trim($serverParams['REMOTE_ADDR'] ?? '');

        if (‪$isBehindReverseProxy) {

            $ip = GeneralUtility::trimExplode(',', $serverParams['HTTP_X_FORWARDED_FOR'] ?? '', true);

            // Choose which IP in list to use

            $configuredReverseProxyHeaderMultiValue = trim($configuration['reverseProxyHeaderMultiValue'] ?? '');

            if (!empty($ip) && $configuredReverseProxyHeaderMultiValue === 'last') {

                $ip = array_pop($ip);

            } elseif (!empty($ip) && $configuredReverseProxyHeaderMultiValue === 'first') {

                $ip = array_shift($ip);

            } else {

                $ip = '';

            }

            if (GeneralUtility::validIP($ip)) {

                ‪$remoteAddress = $ip;

            }

        }

        return ‪$remoteAddress;

    }


    protected static function ‪determineIsBehindReverseProxy($serverParams, $configuration): bool

    {

        return GeneralUtility::cmpIP(trim($serverParams['REMOTE_ADDR'] ?? ''), trim($configuration['reverseProxyIP'] ?? ''));

    }


    protected static function ‪determineRequestHostOnly(string ‪$httpHost): string

    {

        $httpHostBracketPosition = strpos(‪$httpHost, ']');

        $httpHostParts = explode(':', ‪$httpHost);

        return $httpHostBracketPosition !== false ? substr(‪$httpHost, 0, $httpHostBracketPosition + 1) : array_shift($httpHostParts);

    }


    protected static function ‪determineRequestPort(string ‪$httpHost, string $httpHostOnly): int

    {

        return strlen(‪$httpHost) > strlen($httpHostOnly) ? (int)substr(‪$httpHost, strlen($httpHostOnly) + 1) : 0;

    }


    protected static function ‪determineDocumentRoot(string ‪$scriptName, string ‪$scriptFilename): string

    {

        // Get the web root (it is not the root of the TYPO3 installation)

        // Some CGI-versions (LA13CGI) and mod-rewrite rules on MODULE versions will deliver a 'wrong'

        // DOCUMENT_ROOT (according to our description). Further various aliases/mod_rewrite rules can

        // disturb this as well. Therefore the DOCUMENT_ROOT is always calculated as the SCRIPT_FILENAME

        // minus the end part shared with SCRIPT_NAME.

        $webDocRoot = '';

        $scriptNameArray = explode('/', strrev(‪$scriptName));

        $scriptFilenameArray = explode('/', strrev(‪$scriptFilename));

        $path = [];

        foreach ($scriptNameArray as $segmentNumber => $segment) {

            if ((string)$scriptFilenameArray[$segmentNumber] === (string)$segment) {

                $path[] = $segment;

            } else {

                break;

            }

        }

        $commonEnd = strrev(implode('/', $path));

        if ((string)$commonEnd !== '') {

            $webDocRoot = substr(‪$scriptFilename, 0, -(strlen($commonEnd) + 1));

        }

        return $webDocRoot;

    }


    protected static function ‪determineSiteUrl(string ‪$requestDir, string $pathThisScript, string $pathSite): string

    {

        if (defined('TYPO3_PATH_WEB')) {

            // This can only be set by external entry scripts

            ‪$siteUrl = ‪$requestDir;

        } else {

            $pathThisScriptDir = substr(dirname($pathThisScript), strlen($pathSite)) . '/';

            ‪$siteUrl = substr(‪$requestDir, 0, -strlen($pathThisScriptDir));

            ‪$siteUrl = rtrim(‪$siteUrl, '/') . '/';

        }

        return ‪$siteUrl;

    }


    protected static function ‪determineSitePath(string ‪$requestHost, string ‪$siteUrl): string

    {

        return (string)substr(‪$siteUrl, strlen(‪$requestHost));

    }


    protected static function ‪determineSiteScript(string ‪$requestUrl, string ‪$siteUrl): string

    {

        return (string)substr(‪$requestUrl, strlen(‪$siteUrl));

    }

}