1 <?php

2 declare(strict_types = 1);

3 

4 namespace ‪TYPO3\CMS\Frontend\Middleware;

5 

6 /*

7  * This file is part of the TYPO3 CMS project.

8  *

9  * It is free software; you can redistribute it and/or modify it under

10  * the terms of the GNU General Public License, either version 2

11  * of the License, or any later version.

12  *

13  * For the full copyright and license information, please read the

14  * LICENSE.txt file that was distributed with this source code.

15  *

16  * The TYPO3 project - inspiring people to share!

17  */

18 

19 use Psr\Http\Message\ResponseInterface;

20 use Psr\Http\Message\ServerRequestInterface;

21 use Psr\Http\Server\MiddlewareInterface;

22 use Psr\Http\Server\RequestHandlerInterface;

23 use Psr\Log\LoggerAwareInterface;

24 use Psr\Log\LoggerAwareTrait;

25 use ‪TYPO3\CMS\Core\Http\RedirectResponse;

26 use ‪TYPO3\CMS\Core\Routing\PageArguments;

27 use ‪TYPO3\CMS\Core\TimeTracker\TimeTracker;

28 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;

29 use ‪TYPO3\CMS\Core\Utility\HttpUtility;

30 use ‪TYPO3\CMS\Frontend\Controller\ErrorController;

31 use ‪TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;

32 use ‪TYPO3\CMS\Frontend\Page\CacheHashCalculator;

33 use ‪TYPO3\CMS\Frontend\Page\PageAccessFailureReasons;

34 

38 class ‪PageArgumentValidator implements MiddlewareInterface, LoggerAwareInterface

39 {

40  use LoggerAwareTrait;

41 

47  protected ‪$cacheHashCalculator;

48 

52  protected ‪$controller;

53 

57  public function ‪__construct(‪TypoScriptFrontendController ‪$controller = null)

58  {

59  $this->controller = ‪$controller ?? ‪$GLOBALS['TSFE'];

60  $this->cacheHashCalculator = GeneralUtility::makeInstance(CacheHashCalculator::class);

61  }

62 

70  public function ‪process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface

71  {

72  $pageNotFoundOnValidationError = (bool)(‪$GLOBALS['TYPO3_CONF_VARS']['FE']['pageNotFoundOnCHashError'] ?? true);

73  $pageArguments = $request->getAttribute('routing', null);

74  if ($this->controller->no_cache && !$pageNotFoundOnValidationError) {

75  // No need to test anything if caching was already disabled.

76  } else {

77  // Evaluate the cache hash parameter or dynamic arguments when coming from a Site-based routing

78  if ($pageArguments instanceof ‪PageArguments) {

79  $queryParams = $pageArguments->getDynamicArguments();

80  } else {

81  $queryParams = $request->getQueryParams();

82  }

83  if (!empty($queryParams) && !$this->‪evaluateCacheHashParameter($queryParams, $pageNotFoundOnValidationError)) {

84  // cHash was given, but nothing to be calculated, so let's do a redirect to the current page

85  // but without the cHash

86  if ($this->controller->cHash && empty($this->controller->cHash_array)) {

87  $uri = $request->getUri();

88  unset($queryParams['cHash']);

89  $uri = $uri->withQuery(‪HttpUtility::buildQueryString($queryParams));

90  return new ‪RedirectResponse($uri, 308);

91  }

92  return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(

93  $request,

94  'Request parameters could not be validated (&cHash comparison failed)',

95  ['code' => ‪PageAccessFailureReasons::CACHEHASH_COMPARISON_FAILED]

96  );

97  }

98  }

99  return $handler->handle($request);

100  }

101 

113  protected function ‪evaluateCacheHashParameter(array $queryParams, bool $pageNotFoundOnCacheHashError): bool

114  {

115  if ($this->controller->cHash !== '') {

116  // Make sure we use the page uid and not the page alias

117  $queryParams['id'] = $this->controller->id;

118  $relevantParameters = $this->cacheHashCalculator->getRelevantParameters(‪HttpUtility::buildQueryString($queryParams));

119  $this->controller->cHash_array = $relevantParameters;

120  // cHash was given, but nothing to be calculated, so cHash is unset and all is good.

121  if (empty($relevantParameters)) {

122  $this->logger->notice('The incoming cHash "' . $this->controller->cHash . '" is given but not needed. cHash is unset');

123  return false;

124  }

125  $calculatedCacheHash = $this->cacheHashCalculator->calculateCacheHash($relevantParameters);

126  if (!hash_equals($calculatedCacheHash, $this->controller->cHash)) {

127  // Early return to trigger the error controller

128  if ($pageNotFoundOnCacheHashError) {

129  return false;

130  }

131  $this->controller->no_cache = true;

132  $this->‪getTimeTracker()->‪setTSlogMessage('The incoming cHash "' . $this->controller->cHash . '" and calculated cHash "' . $calculatedCacheHash . '" did not match, so caching was disabled. The fieldlist used was "' . implode(',', array_keys($this->controller->cHash_array)) . '"', 2);

133  }

134  // No cHash is set, check if that is correct

135  } elseif ($this->cacheHashCalculator->doParametersRequireCacheHash(‪HttpUtility::buildQueryString($queryParams))) {

136  // Will disable caching

137  $this->controller->reqCHash();

138  }

139  return true;

140  }

141 

145  protected function ‪getTimeTracker(): ‪TimeTracker

146  {

147  return GeneralUtility::makeInstance(TimeTracker::class);

148  }

149 }