9.5/_workspace_preview_8php_source.html

<?php

declare(strict_types = 1);

namespace ‪TYPO3\CMS\Workspaces\Middleware;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use Psr\Http\Message\ResponseInterface;

use Psr\Http\Message\ServerRequestInterface;

use Psr\Http\Server\MiddlewareInterface;

use Psr\Http\Server\RequestHandlerInterface;

use Symfony\Component\HttpFoundation\Cookie;

use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;

use ‪TYPO3\CMS\Core\Context\Context;

use ‪TYPO3\CMS\Core\Context\UserAspect;

use ‪TYPO3\CMS\Core\Context\WorkspaceAspect;

use ‪TYPO3\CMS\Core\Database\ConnectionPool;

use ‪TYPO3\CMS\Core\Http\CookieHeaderTrait;

use ‪TYPO3\CMS\Core\Http\HtmlResponse;

use ‪TYPO3\CMS\Core\Http\NormalizedParams;

use ‪TYPO3\CMS\Core\Http\Stream;

use ‪TYPO3\CMS\Core\Localization\LanguageService;

use ‪TYPO3\CMS\Core\Utility\GeneralUtility;

use ‪TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;

use ‪TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication;


class ‪WorkspacePreview implements MiddlewareInterface

{

    use ‪CookieHeaderTrait;


    protected ‪$previewKey = 'ADMCMD_prev';


    public function ‪process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface

    {

        $keyword = $this->‪getPreviewInputCode($request);

        if ($keyword) {

            switch ($keyword) {

                case 'IGNORE':

                    break;

                case 'LOGOUT':

                    // "log out", and unset the cookie

                    $this->‪setCookie('', $request->getAttribute('normalizedParams'));

                    $message = $this->‪getLogoutTemplateMessage($request->getQueryParams()['returnUrl'] ?? '');

                    return new ‪HtmlResponse($message);

                default:

                    // A keyword was found in a query parameter or in a cookie

                    // If the keyword is valid, activate a BE User and override any existing BE Users

                    $configuration = $this->‪getPreviewConfigurationFromRequest($request, $keyword);

                    if (is_array($configuration) && $configuration['fullWorkspace'] > 0) {

                        $previewUser = $this->‪initializePreviewUser(

                            (int)$configuration['fullWorkspace'],

                            ‪$GLOBALS['TSFE']->id

                        );

                        if ($previewUser) {

                            ‪$GLOBALS['BE_USER'] = $previewUser;

                            // Register the preview user as aspect

                            $this->‪setBackendUserAspect(GeneralUtility::makeInstance(Context::class), $previewUser);

                        }

                    }

            }

        }


        // If "ADMCMD_noBeUser" is set, then ensure that there is no workspace preview and no BE User logged in.

        // This option is solely used to ensure that a be user can preview the live version of a page in the

        // workspace preview module.

        if ($request->getQueryParams()['ADMCMD_noBeUser']) {

            ‪$GLOBALS['BE_USER'] = null;

            // Register the backend user as aspect

            $this->‪setBackendUserAspect(GeneralUtility::makeInstance(Context::class), null);

            // Caching is disabled, because otherwise generated URLs could include the ADMCMD_noBeUser parameter

            ‪$GLOBALS['TSFE']->set_no_cache('GET Parameter ADMCMD_noBeUser was given', true);

        }


        $response = $handler->handle($request);


        // Add a info box to the frontend content

        if (‪$GLOBALS['TSFE']->doWorkspacePreview() && ‪$GLOBALS['TSFE']->isOutputting()) {

            $previewInfo = $this->‪renderPreviewInfo(‪$GLOBALS['TSFE'], $request->getAttribute('normalizedParams'));

            $body = $response->getBody();

            $body->rewind();

            $content = $body->getContents();

            $content = str_ireplace('</body>', $previewInfo . '</body>', $content);

            $body = new ‪Stream('php://temp', 'rw');

            $body->write($content);

            $response = $response->withBody($body);

        }


        return $response;

    }


    protected function ‪getLogoutTemplateMessage(string $returnUrl = ''): string

    {

        $returnUrl = GeneralUtility::sanitizeLocalUrl($returnUrl);

        $returnUrl = $this->‪removePreviewParameterFromUrl($returnUrl);

        if (‪$GLOBALS['TYPO3_CONF_VARS']['FE']['workspacePreviewLogoutTemplate']) {

            $templateFile = GeneralUtility::getFileAbsFileName(‪$GLOBALS['TYPO3_CONF_VARS']['FE']['workspacePreviewLogoutTemplate']);

            if (@is_file($templateFile)) {

                $message = file_get_contents($templateFile);

            } else {

                $message = $this->‪getLanguageService()->‪sL('LLL:EXT:workspaces/Resources/Private/Language/locallang_mod.xlf:previewLogoutError');

                $message = htmlspecialchars($message);

                $message = sprintf($message, '<strong>', '</strong><br>', $templateFile);

            }

        } else {

            $message = $this->‪getLanguageService()->‪sL('LLL:EXT:workspaces/Resources/Private/Language/locallang_mod.xlf:previewLogoutSuccess');

            $message = htmlspecialchars($message);

            $message = sprintf($message, '<a href="' . htmlspecialchars($returnUrl) . '">', '</a>');

        }

        return sprintf($message, htmlspecialchars($returnUrl));

    }


    protected function ‪getPreviewConfigurationFromRequest(ServerRequestInterface $request, string $inputCode): ?array

    {

        $previewData = $this->‪getPreviewData($inputCode);

        if (!is_array($previewData)) {

            // ADMCMD command could not be executed! (No keyword configuration found)

            return null;

        }

        if ($request->getMethod() === 'POST') {

            throw new \Exception('POST requests are incompatible with keyword preview.', 1294585191);

        }

        // Validate configuration

        $previewConfig = json_decode($previewData['config'], true);

        if (!$previewConfig['fullWorkspace']) {

            throw new \Exception('Preview configuration did not include a workspace preview', 1294585190);

        }

        // If the GET parameter ADMCMD_prev is set, then a cookie is set for the next request

        if ($request->getQueryParams()[$this->previewKey] ?? false) {

            $this->‪setCookie($inputCode, $request->getAttribute('normalizedParams'));

        }

        return $previewConfig;

    }


    protected function ‪initializePreviewUser(int $workspaceUid, $requestedPageId)

    {

        if ($workspaceUid > 0) {

            $previewUser = GeneralUtility::makeInstance(PreviewUserAuthentication::class);

            $previewUser->setWebmounts([$requestedPageId]);

            if ($previewUser->setTemporaryWorkspace($workspaceUid)) {

                return $previewUser;

            }

        }

        return false;

    }


    protected function ‪setCookie(string $inputCode, ‪NormalizedParams $normalizedParams)

    {

        $cookieSameSite = $this->sanitizeSameSiteCookieValue(

            strtolower(‪$GLOBALS['TYPO3_CONF_VARS']['BE']['cookieSameSite'] ?? Cookie::SAMESITE_STRICT)

        );

        // None needs the secure option (only allowed on HTTPS)

        $cookieSecure = $cookieSameSite === Cookie::SAMESITE_NONE || $normalizedParams->‪isHttps();


        $cookie = new Cookie(

            $this->previewKey,

            $inputCode,

            0,

            $normalizedParams->‪getSitePath(),

            null,

            $cookieSecure,

            true,

            false,

            $cookieSameSite

        );

        header('Set-Cookie: ' . $cookie->__toString(), false);

    }


    protected function ‪getPreviewInputCode(ServerRequestInterface $request): string

    {

        return $request->getQueryParams()[‪$this->previewKey] ?? $request->getCookieParams()[‪$this->previewKey] ?? '';

    }


    protected function ‪getPreviewData(string $keyword)

    {

        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)

            ->getQueryBuilderForTable('sys_preview');

        return $queryBuilder

            ->select('*')

            ->from('sys_preview')

            ->where(

                $queryBuilder->expr()->eq(

                    'keyword',

                    $queryBuilder->createNamedParameter($keyword)

                ),

                $queryBuilder->expr()->gt(

                    'endtime',

                    $queryBuilder->createNamedParameter(‪$GLOBALS['EXEC_TIME'], \PDO::PARAM_INT)

                )

            )

            ->setMaxResults(1)

            ->execute()

            ->fetch();

    }


    protected function ‪renderPreviewInfo(‪TypoScriptFrontendController $tsfe, ‪NormalizedParams $normalizedParams): string

    {

        $content = '';

        if (!isset($tsfe->config['config']['disablePreviewNotification']) || (int)$tsfe->config['config']['disablePreviewNotification'] !== 1) {

            // get the title of the current workspace

            $currentWorkspaceId = $tsfe->‪whichWorkspace();

            $currentWorkspaceTitle = $this->‪getWorkspaceTitle($currentWorkspaceId);

            $currentWorkspaceTitle = htmlspecialchars($currentWorkspaceTitle);

            if ($tsfe->config['config']['message_preview_workspace']) {

                $content = sprintf(

                    $tsfe->config['config']['message_preview_workspace'],

                    $currentWorkspaceTitle,

                    $currentWorkspaceId ?? -99

                );

            } else {

                $text = $this->‪getLanguageService()->‪sL('LLL:EXT:workspaces/Resources/Private/Language/locallang_mod.xlf:previewText');

                $text = htmlspecialchars($text);

                $text = sprintf($text, $currentWorkspaceTitle, $currentWorkspaceId ?? -99);

                $stopPreviewText = $this->‪getLanguageService()->‪sL('LLL:EXT:workspaces/Resources/Private/Language/locallang_mod.xlf:stopPreview');

                $stopPreviewText = htmlspecialchars($stopPreviewText);

                if (‪$GLOBALS['BE_USER'] instanceof ‪PreviewUserAuthentication) {

                    $url = $this->‪removePreviewParameterFromUrl($normalizedParams->‪getRequestUri());

                    $urlForStoppingPreview = $normalizedParams->‪getSiteUrl() . 'index.php?returnUrl=' . rawurlencode($url) . '&ADMCMD_prev=LOGOUT';

                    $text .= '<br><a style="color: #000; pointer-events: visible;" href="' . htmlspecialchars($urlForStoppingPreview) . '">' . $stopPreviewText . '</a>';

                }

                $styles = [];

                $styles[] = 'position: fixed';

                $styles[] = 'top: 15px';

                $styles[] = 'right: 15px';

                $styles[] = 'padding: 8px 18px';

                $styles[] = 'background: #fff3cd';

                $styles[] = 'border: 1px solid #ffeeba';

                $styles[] = 'font-family: sans-serif';

                $styles[] = 'font-size: 14px';

                $styles[] = 'font-weight: bold';

                $styles[] = 'color: #856404';

                $styles[] = 'z-index: 20000';

                $styles[] = 'user-select: none';

                $styles[] = 'pointer-events: none';

                $styles[] = 'text-align: center';

                $styles[] = 'border-radius: 2px';

                $content = '<div id="typo3-preview-info" style="' . implode(';', $styles) . '">' . $text . '</div>';

            }

        }

        return $content;

    }


    protected function ‪getWorkspaceTitle(int $workspaceId): string

    {

        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)

            ->getQueryBuilderForTable('sys_workspace');

        $title = $queryBuilder

            ->select('title')

            ->from('sys_workspace')

            ->where(

                $queryBuilder->expr()->eq(

                    'uid',

                    $queryBuilder->createNamedParameter($workspaceId, \PDO::PARAM_INT)

                )

            )

            ->execute()

            ->fetchColumn();

        return (string)($title !== false ? $title : '');

    }


    protected function ‪removePreviewParameterFromUrl(string $url): string

    {

        return (string)preg_replace('/\\&?' . $this->previewKey . '=[[:alnum:]]+/', '', $url);

    }


    protected function ‪getLanguageService(): ‪LanguageService

    {

        return ‪$GLOBALS['LANG'] ?: GeneralUtility::makeInstance(LanguageService::class);

    }


    protected function ‪setBackendUserAspect(‪Context $context, ‪BackendUserAuthentication $user = null)

    {

        $context->‪setAspect('backend.user', GeneralUtility::makeInstance(UserAspect::class, $user));

        $context->‪setAspect('workspace', GeneralUtility::makeInstance(WorkspaceAspect::class, $user ? $user->workspace : 0));

    }

}