NormalizedParams.php

Go to the documentation of this file.

<?php
declare(strict_types = 1);
namespace ‪TYPO3\CMS\Core\Http;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use ‪TYPO3\CMS\Core\Core\Environment;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
 
class ‪NormalizedParams
{
    protected ‪$httpHost = '';
 
    protected ‪$isHttps = false;
 
    protected ‪$requestHost = '';
 
    protected ‪$requestHostOnly = '';
 
    protected ‪$requestPort = 0;
 
    protected ‪$scriptName = '';
 
    protected ‪$requestUri = '';
 
    protected ‪$requestUrl = '';
 
    protected ‪$requestScript = '';
 
    protected ‪$requestDir = '';
 
    protected ‪$isBehindReverseProxy = false;
 
    protected ‪$remoteAddress = '';
 
    protected ‪$scriptFilename = '';
 
    protected ‪$documentRoot = '';
 
    protected ‪$siteUrl = '';
 
    protected ‪$sitePath = '';
 
    protected ‪$siteScript = '';
 
    protected ‪$pathInfo = '';
 
    protected ‪$httpReferer = '';
 
    protected ‪$httpUserAgent = '';
 
    protected ‪$httpAcceptEncoding = '';
 
    protected ‪$httpAcceptLanguage = '';
 
    protected ‪$remoteHost = '';
 
    protected ‪$queryString = '';
 
    public function ‪__construct(array $serverParams, array $configuration, string $pathThisScript, string $pathSite)
    {
        ‪$isBehindReverseProxy = $this->‪isBehindReverseProxy = ‪self::determineIsBehindReverseProxy($serverParams, $configuration);
        ‪$httpHost = $this->httpHost = ‪self::determineHttpHost($serverParams, $configuration, ‪$isBehindReverseProxy);
        ‪$isHttps = $this->‪isHttps = ‪self::determineHttps($serverParams, $configuration);
        ‪$requestHost = $this->requestHost = (‪$isHttps ? 'https://' : 'http://') . ‪$httpHost;
        ‪$requestHostOnly = $this->requestHostOnly = ‪self::determineRequestHostOnly(‪$httpHost);
        $this->requestPort = ‪self::determineRequestPort(‪$httpHost, ‪$requestHostOnly);
        ‪$scriptName = $this->scriptName = ‪self::determineScriptName($serverParams, $configuration, ‪$isHttps, ‪$isBehindReverseProxy);
        ‪$requestUri = $this->requestUri = ‪self::determineRequestUri($serverParams, $configuration, ‪$isHttps, ‪$scriptName, ‪$isBehindReverseProxy);
        ‪$requestUrl = $this->requestUrl = ‪$requestHost . ‪$requestUri;
        $this->requestScript = ‪$requestHost . ‪$scriptName;
        ‪$requestDir = $this->requestDir = ‪$requestHost . GeneralUtility::dirname(‪$scriptName) . '/';
        $this->remoteAddress = ‪self::determineRemoteAddress($serverParams, $configuration, ‪$isBehindReverseProxy);
        ‪$scriptFilename = $this->scriptFilename = $pathThisScript;
        $this->documentRoot = ‪self::determineDocumentRoot(‪$scriptName, ‪$scriptFilename);
        ‪$siteUrl = $this->siteUrl = ‪self::determineSiteUrl(‪$requestDir, $pathThisScript, $pathSite . '/');
        $this->sitePath = ‪self::determineSitePath(‪$requestHost, ‪$siteUrl);
        $this->siteScript = ‪self::determineSiteScript(‪$requestUrl, ‪$siteUrl);
 
        // @deprecated Below variables can be fully deprecated as soon as core does not use them anymore
        $this->pathInfo = $serverParams['PATH_INFO'] ?? '';
        $this->httpReferer = $serverParams['HTTP_REFERER'] ?? '';
        $this->httpUserAgent = $serverParams['HTTP_USER_AGENT'] ?? '';
        $this->httpAcceptEncoding = $serverParams['HTTP_ACCEPT_ENCODING'] ?? '';
        $this->httpAcceptLanguage = $serverParams['HTTP_ACCEPT_LANGUAGE'] ?? '';
        $this->remoteHost = $serverParams['REMOTE_HOST'] ?? '';
        $this->queryString = $serverParams['QUERY_STRING'] ?? '';
    }
 
    public function ‪getHttpHost(): string
    {
        return ‪$this->httpHost;
    }
 
    public function ‪isHttps(): bool
    {
        return ‪$this->isHttps;
    }
 
    public function ‪getRequestHost(): string
    {
        return ‪$this->requestHost;
    }
 
    public function ‪getRequestHostOnly(): string
    {
        return ‪$this->requestHostOnly;
    }
 
    public function ‪getRequestPort(): int
    {
        return ‪$this->requestPort;
    }
 
    public function ‪getScriptName(): string
    {
        return ‪$this->scriptName;
    }
 
    public function ‪getRequestUri(): string
    {
        return ‪$this->requestUri;
    }
 
    public function ‪getRequestUrl(): string
    {
        return ‪$this->requestUrl;
    }
 
    public function ‪getRequestScript(): string
    {
        return ‪$this->requestScript;
    }
 
    public function ‪getRequestDir(): string
    {
        return ‪$this->requestDir;
    }
 
    public function ‪isBehindReverseProxy(): bool
    {
        return ‪$this->isBehindReverseProxy;
    }
 
    public function ‪getRemoteAddress(): string
    {
        return ‪$this->remoteAddress;
    }
 
    public function ‪getScriptFilename(): string
    {
        return ‪$this->scriptFilename;
    }
 
    public function ‪getDocumentRoot(): string
    {
        return ‪$this->documentRoot;
    }
 
    public function ‪getSiteUrl(): string
    {
        return ‪$this->siteUrl;
    }
 
    public function ‪getSitePath(): string
    {
        return ‪$this->sitePath;
    }
 
    public function ‪getSiteScript(): string
    {
        return ‪$this->siteScript;
    }
 
    public function ‪getPathInfo(): string
    {
        return ‪$this->pathInfo;
    }
 
    public function ‪getHttpReferer(): string
    {
        return ‪$this->httpReferer;
    }
 
    public function ‪getHttpUserAgent(): string
    {
        return ‪$this->httpUserAgent;
    }
 
    public function ‪getHttpAcceptEncoding(): string
    {
        return ‪$this->httpAcceptEncoding;
    }
 
    public function ‪getHttpAcceptLanguage(): string
    {
        return ‪$this->httpAcceptLanguage;
    }
 
    public function ‪getRemoteHost(): string
    {
        return ‪$this->remoteHost;
    }
 
    public function ‪getQueryString(): string
    {
        return ‪$this->queryString;
    }
 
    protected static function ‪determineHttpHost(array $serverParams, array $configuration, bool ‪$isBehindReverseProxy): string
    {
        ‪$httpHost = $serverParams['HTTP_HOST'] ?? '';
        if (‪$isBehindReverseProxy) {
            // If the request comes from a configured proxy which has set HTTP_X_FORWARDED_HOST, then
            // evaluate reverseProxyHeaderMultiValue and
            $xForwardedHostArray = GeneralUtility::trimExplode(',', $serverParams['HTTP_X_FORWARDED_HOST'] ?? '', true);
            $xForwardedHost = '';
            // Choose which host in list to use
            if (!empty($xForwardedHostArray)) {
                $configuredReverseProxyHeaderMultiValue = trim($configuration['reverseProxyHeaderMultiValue'] ?? '');
                // Default if reverseProxyHeaderMultiValue is not set or set to 'none', instead of 'first' / 'last' is to
                // ignore $serverParams['HTTP_X_FORWARDED_HOST']
                // @todo: Maybe this default is stupid: Both SYS/reverseProxyIP hand SYS/reverseProxyHeaderMultiValue have to
                // @todo: be configured for a working setup. It would be easier to only configure SYS/reverseProxyIP and fall
                // @todo: back to "first" if SYS/reverseProxyHeaderMultiValue is not set.
                if ($configuredReverseProxyHeaderMultiValue === 'last') {
                    $xForwardedHost = array_pop($xForwardedHostArray);
                } elseif ($configuredReverseProxyHeaderMultiValue === 'first') {
                    $xForwardedHost = array_shift($xForwardedHostArray);
                }
            }
            if ($xForwardedHost) {
                ‪$httpHost = $xForwardedHost;
            }
        }
        if (!GeneralUtility::isAllowedHostHeaderValue(‪$httpHost)) {
            throw new \UnexpectedValueException(
                'The current host header value does not match the configured trusted hosts pattern!'
                . ' Check the pattern defined in $GLOBALS[\'TYPO3_CONF_VARS\'][\'SYS\'][\'trustedHostsPattern\']'
                . ' and adapt it, if you want to allow the current host header \'' . ‪$httpHost . '\' for your installation.',
                1396795886
            );
        }
        return $httpHost;
    }
 
    protected static function determineHttps(array $serverParams, array $configuration): bool
    {
        $isHttps = false;
        $configuredProxySSL = trim($configuration['reverseProxySSL'] ?? '');
        if ($configuredProxySSL === '*') {
            $configuredProxySSL = trim($configuration['reverseProxyIP'] ?? '');
        }
        $httpsParam = (string)($serverParams['HTTPS'] ?? '');
        if (GeneralUtility::cmpIP(trim($serverParams['REMOTE_ADDR'] ?? ''), $configuredProxySSL)
            || ($serverParams['SSL_SESSION_ID'] ?? '')
            // https://secure.php.net/manual/en/reserved.variables.server.php
            // "Set to a non-empty value if the script was queried through the HTTPS protocol."
            || ($httpsParam !== '' && $httpsParam !== 'off' && $httpsParam !== '0')
        ) {
            $isHttps = true;
        }
        return $isHttps;
    }
 
    protected static function determineScriptName(array $serverParams, array $configuration, bool $isHttps, bool $isBehindReverseProxy): string
    {
        // see https://forge.typo3.org/issues/89312
        // When using a CGI wrapper to dispatch the PHP process `ORIG_SCRIPT_NAME`
        // contains the name of the wrapper script (which is most probably outside
        // the TYPO3's project root) and leads to invalid prefixes, e.g. resolving
        // the `siteUrl` incorrectly as `http://ip10.local/fcgi/` instead of
        // actual `http://ip10.local/`
        $possiblePathInfo = ($serverParams['ORIG_PATH_INFO'] ?? '') ?: ($serverParams['PATH_INFO'] ?? '');
        $possibleScriptName = ($serverParams['ORIG_SCRIPT_NAME'] ?? '') ?: ($serverParams['SCRIPT_NAME'] ?? '');
        ‪$scriptName = ‪Environment::isRunningOnCgiServer() && $possiblePathInfo
            ? $possiblePathInfo
            : $possibleScriptName;
        if (‪$isBehindReverseProxy) {
            // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
            if (‪$isHttps && !empty($configuration['reverseProxyPrefixSSL'])) {
                ‪$scriptName = $configuration['reverseProxyPrefixSSL'] . ‪$scriptName;
            } elseif (!empty($configuration['reverseProxyPrefix'])) {
                ‪$scriptName = $configuration['reverseProxyPrefix'] . ‪$scriptName;
            }
        }
        return ‪$scriptName;
    }
 
    protected static function ‪determineRequestUri(array $serverParams, array $configuration, bool ‪$isHttps, string ‪$scriptName, bool ‪$isBehindReverseProxy): string
    {
        $proxyPrefixApplied = false;
        if (!empty($configuration['requestURIvar'])) {
            // This is for URL rewriter that store the original URI in a server
            // variable (e.g. ISAPI Rewriter for IIS: HTTP_X_REWRITE_URL), a config then looks like:
            // requestURIvar = '_SERVER|HTTP_X_REWRITE_URL' which will access $GLOBALS['_SERVER']['HTTP_X_REWRITE_URL']
            list($firstLevel, $secondLevel) = GeneralUtility::trimExplode('|', $configuration['requestURIvar'], true);
            ‪$requestUri = ‪$GLOBALS[$firstLevel][$secondLevel];
        } elseif (empty($serverParams['REQUEST_URI'])) {
            // This is for ISS/CGI which does not have the REQUEST_URI available.
            ‪$queryString = !empty($serverParams['QUERY_STRING']) ? '?' . $serverParams['QUERY_STRING'] : '';
            // script name already had the proxy prefix handling, we must not add it a second time
            $proxyPrefixApplied = true;
            ‪$requestUri = '/' . ltrim(‪$scriptName, '/') . ‪$queryString;
        } else {
            ‪$requestUri = '/' . ltrim($serverParams['REQUEST_URI'], '/');
        }
        if (!$proxyPrefixApplied && ‪$isBehindReverseProxy) {
            // Add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
            if (‪$isHttps && !empty($configuration['reverseProxyPrefixSSL'])) {
                ‪$requestUri = $configuration['reverseProxyPrefixSSL'] . ‪$requestUri;
            } elseif (!empty($configuration['reverseProxyPrefix'])) {
                ‪$requestUri = $configuration['reverseProxyPrefix'] . ‪$requestUri;
            }
        }
        return ‪$requestUri;
    }
 
    protected static function ‪determineRemoteAddress(array $serverParams, array $configuration, bool ‪$isBehindReverseProxy): string
    {
        ‪$remoteAddress = trim($serverParams['REMOTE_ADDR'] ?? '');
        if (‪$isBehindReverseProxy) {
            $ip = GeneralUtility::trimExplode(',', $serverParams['HTTP_X_FORWARDED_FOR'] ?? '', true);
            // Choose which IP in list to use
            $configuredReverseProxyHeaderMultiValue = trim($configuration['reverseProxyHeaderMultiValue'] ?? '');
            if (!empty($ip) && $configuredReverseProxyHeaderMultiValue === 'last') {
                $ip = array_pop($ip);
            } elseif (!empty($ip) && $configuredReverseProxyHeaderMultiValue === 'first') {
                $ip = array_shift($ip);
            } else {
                $ip = '';
            }
            if (GeneralUtility::validIP($ip)) {
                ‪$remoteAddress = $ip;
            }
        }
        return ‪$remoteAddress;
    }
 
    protected static function ‪determineIsBehindReverseProxy($serverParams, $configuration): bool
    {
        return GeneralUtility::cmpIP(trim($serverParams['REMOTE_ADDR'] ?? ''), trim($configuration['reverseProxyIP'] ?? ''));
    }
 
    protected static function ‪determineRequestHostOnly(string ‪$httpHost): string
    {
        $httpHostBracketPosition = strpos(‪$httpHost, ']');
        $httpHostParts = explode(':', ‪$httpHost);
        return $httpHostBracketPosition !== false ? substr(‪$httpHost, 0, $httpHostBracketPosition + 1) : array_shift($httpHostParts);
    }
 
    protected static function ‪determineRequestPort(string ‪$httpHost, string $httpHostOnly): int
    {
        return strlen(‪$httpHost) > strlen($httpHostOnly) ? (int)substr(‪$httpHost, strlen($httpHostOnly) + 1) : 0;
    }
 
    protected static function ‪determineDocumentRoot(string ‪$scriptName, string ‪$scriptFilename): string
    {
        // Get the web root (it is not the root of the TYPO3 installation)
        // Some CGI-versions (LA13CGI) and mod-rewrite rules on MODULE versions will deliver a 'wrong'
        // DOCUMENT_ROOT (according to our description). Further various aliases/mod_rewrite rules can
        // disturb this as well. Therefore the DOCUMENT_ROOT is always calculated as the SCRIPT_FILENAME
        // minus the end part shared with SCRIPT_NAME.
        $webDocRoot = '';
        $scriptNameArray = explode('/', strrev(‪$scriptName));
        $scriptFilenameArray = explode('/', strrev(‪$scriptFilename));
        $path = [];
        foreach ($scriptNameArray as $segmentNumber => $segment) {
            if ((string)$scriptFilenameArray[$segmentNumber] === (string)$segment) {
                $path[] = $segment;
            } else {
                break;
            }
        }
        $commonEnd = strrev(implode('/', $path));
        if ((string)$commonEnd !== '') {
            $webDocRoot = substr(‪$scriptFilename, 0, -(strlen($commonEnd) + 1));
        }
        return $webDocRoot;
    }
 
    protected static function ‪determineSiteUrl(string ‪$requestDir, string $pathThisScript, string $pathSite): string
    {
        if (defined('TYPO3_PATH_WEB')) {
            // This can only be set by external entry scripts
            ‪$siteUrl = ‪$requestDir;
        } else {
            $pathThisScriptDir = substr(dirname($pathThisScript), strlen($pathSite)) . '/';
            ‪$siteUrl = substr(‪$requestDir, 0, -strlen($pathThisScriptDir));
            ‪$siteUrl = rtrim(‪$siteUrl, '/') . '/';
        }
        return ‪$siteUrl;
    }
 
    protected static function ‪determineSitePath(string ‪$requestHost, string ‪$siteUrl): string
    {
        return (string)substr(‪$siteUrl, strlen(‪$requestHost));
    }
 
    protected static function ‪determineSiteScript(string ‪$requestUrl, string ‪$siteUrl): string
    {
        return (string)substr(‪$requestUrl, strlen(‪$siteUrl));
    }
}