WorkspacePreview.php

Go to the documentation of this file.

<?php
declare(strict_types = 1);
namespace ‪TYPO3\CMS\Workspaces\Middleware;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Symfony\Component\HttpFoundation\Cookie;
use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use ‪TYPO3\CMS\Core\Context\Context;
use ‪TYPO3\CMS\Core\Context\UserAspect;
use ‪TYPO3\CMS\Core\Context\WorkspaceAspect;
use ‪TYPO3\CMS\Core\Database\ConnectionPool;
use ‪TYPO3\CMS\Core\Http\CookieHeaderTrait;
use ‪TYPO3\CMS\Core\Http\HtmlResponse;
use ‪TYPO3\CMS\Core\Http\NormalizedParams;
use ‪TYPO3\CMS\Core\Http\Stream;
use ‪TYPO3\CMS\Core\Localization\LanguageService;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
use ‪TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
use ‪TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication;
 
class ‪WorkspacePreview implements MiddlewareInterface
{
    use ‪CookieHeaderTrait;
 
    protected ‪$previewKey = 'ADMCMD_prev';
 
    public function ‪process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $keyword = $this->‪getPreviewInputCode($request);
        if ($keyword) {
            switch ($keyword) {
                case 'IGNORE':
                    break;
                case 'LOGOUT':
                    // "log out", and unset the cookie
                    $this->‪setCookie('', $request->getAttribute('normalizedParams'));
                    $message = $this->‪getLogoutTemplateMessage($request->getQueryParams()['returnUrl'] ?? '');
                    return new ‪HtmlResponse($message);
                default:
                    // A keyword was found in a query parameter or in a cookie
                    // If the keyword is valid, activate a BE User and override any existing BE Users
                    $configuration = $this->‪getPreviewConfigurationFromRequest($request, $keyword);
                    if (is_array($configuration) && $configuration['fullWorkspace'] > 0) {
                        $previewUser = $this->‪initializePreviewUser(
                            (int)$configuration['fullWorkspace'],
                            ‪$GLOBALS['TSFE']->id
                        );
                        if ($previewUser) {
                            ‪$GLOBALS['BE_USER'] = $previewUser;
                            // Register the preview user as aspect
                            $this->‪setBackendUserAspect(GeneralUtility::makeInstance(Context::class), $previewUser);
                        }
                    }
            }
        }
 
        // If "ADMCMD_noBeUser" is set, then ensure that there is no workspace preview and no BE User logged in.
        // This option is solely used to ensure that a be user can preview the live version of a page in the
        // workspace preview module.
        if ($request->getQueryParams()['ADMCMD_noBeUser']) {
            ‪$GLOBALS['BE_USER'] = null;
            // Register the backend user as aspect
            $this->‪setBackendUserAspect(GeneralUtility::makeInstance(Context::class), null);
            // Caching is disabled, because otherwise generated URLs could include the ADMCMD_noBeUser parameter
            ‪$GLOBALS['TSFE']->set_no_cache('GET Parameter ADMCMD_noBeUser was given', true);
        }
 
        $response = $handler->handle($request);
 
        // Add a info box to the frontend content
        if (‪$GLOBALS['TSFE']->doWorkspacePreview() && ‪$GLOBALS['TSFE']->isOutputting()) {
            $previewInfo = $this->‪renderPreviewInfo(‪$GLOBALS['TSFE'], $request->getAttribute('normalizedParams'));
            $body = $response->getBody();
            $body->rewind();
            $content = $body->getContents();
            $content = str_ireplace('</body>', $previewInfo . '</body>', $content);
            $body = new ‪Stream('php://temp', 'rw');
            $body->write($content);
            $response = $response->withBody($body);
        }
 
        return $response;
    }
 
    protected function ‪getLogoutTemplateMessage(string $returnUrl = ''): string
    {
        $returnUrl = GeneralUtility::sanitizeLocalUrl($returnUrl);
        $returnUrl = $this->‪removePreviewParameterFromUrl($returnUrl);
        if (‪$GLOBALS['TYPO3_CONF_VARS']['FE']['workspacePreviewLogoutTemplate']) {
            $templateFile = GeneralUtility::getFileAbsFileName(‪$GLOBALS['TYPO3_CONF_VARS']['FE']['workspacePreviewLogoutTemplate']);
            if (@is_file($templateFile)) {
                $message = file_get_contents($templateFile);
            } else {
                $message = $this->‪getLanguageService()->‪sL('LLL:EXT:workspaces/Resources/Private/Language/locallang_mod.xlf:previewLogoutError');
                $message = htmlspecialchars($message);
                $message = sprintf($message, '<strong>', '</strong><br>', $templateFile);
            }
        } else {
            $message = $this->‪getLanguageService()->‪sL('LLL:EXT:workspaces/Resources/Private/Language/locallang_mod.xlf:previewLogoutSuccess');
            $message = htmlspecialchars($message);
            $message = sprintf($message, '<a href="' . htmlspecialchars($returnUrl) . '">', '</a>');
        }
        return sprintf($message, htmlspecialchars($returnUrl));
    }
 
    protected function ‪getPreviewConfigurationFromRequest(ServerRequestInterface $request, string $inputCode): ?array
    {
        $previewData = $this->‪getPreviewData($inputCode);
        if (!is_array($previewData)) {
            // ADMCMD command could not be executed! (No keyword configuration found)
            return null;
        }
        if ($request->getMethod() === 'POST') {
            throw new \Exception('POST requests are incompatible with keyword preview.', 1294585191);
        }
        // Validate configuration
        $previewConfig = json_decode($previewData['config'], true);
        if (!$previewConfig['fullWorkspace']) {
            throw new \Exception('Preview configuration did not include a workspace preview', 1294585190);
        }
        // If the GET parameter ADMCMD_prev is set, then a cookie is set for the next request
        if ($request->getQueryParams()[$this->previewKey] ?? false) {
            $this->‪setCookie($inputCode, $request->getAttribute('normalizedParams'));
        }
        return $previewConfig;
    }
 
    protected function ‪initializePreviewUser(int $workspaceUid, $requestedPageId)
    {
        if ($workspaceUid > 0) {
            $previewUser = GeneralUtility::makeInstance(PreviewUserAuthentication::class);
            $previewUser->setWebmounts([$requestedPageId]);
            if ($previewUser->setTemporaryWorkspace($workspaceUid)) {
                return $previewUser;
            }
        }
        return false;
    }
 
    protected function ‪setCookie(string $inputCode, ‪NormalizedParams $normalizedParams)
    {
        $cookieSameSite = $this->sanitizeSameSiteCookieValue(
            strtolower(‪$GLOBALS['TYPO3_CONF_VARS']['BE']['cookieSameSite'] ?? Cookie::SAMESITE_STRICT)
        );
        // None needs the secure option (only allowed on HTTPS)
        $cookieSecure = $cookieSameSite === Cookie::SAMESITE_NONE || $normalizedParams->‪isHttps();
 
        $cookie = new Cookie(
            $this->previewKey,
            $inputCode,
            0,
            $normalizedParams->‪getSitePath(),
            null,
            $cookieSecure,
            true,
            false,
            $cookieSameSite
        );
        header('Set-Cookie: ' . $cookie->__toString(), false);
    }
 
    protected function ‪getPreviewInputCode(ServerRequestInterface $request): string
    {
        return $request->getQueryParams()[‪$this->previewKey] ?? $request->getCookieParams()[‪$this->previewKey] ?? '';
    }
 
    protected function ‪getPreviewData(string $keyword)
    {
        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
            ->getQueryBuilderForTable('sys_preview');
        return $queryBuilder
            ->select('*')
            ->from('sys_preview')
            ->where(
                $queryBuilder->expr()->eq(
                    'keyword',
                    $queryBuilder->createNamedParameter($keyword)
                ),
                $queryBuilder->expr()->gt(
                    'endtime',
                    $queryBuilder->createNamedParameter(‪$GLOBALS['EXEC_TIME'], \PDO::PARAM_INT)
                )
            )
            ->setMaxResults(1)
            ->execute()
            ->fetch();
    }
 
    protected function ‪renderPreviewInfo(‪TypoScriptFrontendController $tsfe, ‪NormalizedParams $normalizedParams): string
    {
        $content = '';
        if (!isset($tsfe->config['config']['disablePreviewNotification']) || (int)$tsfe->config['config']['disablePreviewNotification'] !== 1) {
            // get the title of the current workspace
            $currentWorkspaceId = $tsfe->‪whichWorkspace();
            $currentWorkspaceTitle = $this->‪getWorkspaceTitle($currentWorkspaceId);
            $currentWorkspaceTitle = htmlspecialchars($currentWorkspaceTitle);
            if ($tsfe->config['config']['message_preview_workspace']) {
                $content = sprintf(
                    $tsfe->config['config']['message_preview_workspace'],
                    $currentWorkspaceTitle,
                    $currentWorkspaceId ?? -99
                );
            } else {
                $text = $this->‪getLanguageService()->‪sL('LLL:EXT:workspaces/Resources/Private/Language/locallang_mod.xlf:previewText');
                $text = htmlspecialchars($text);
                $text = sprintf($text, $currentWorkspaceTitle, $currentWorkspaceId ?? -99);
                $stopPreviewText = $this->‪getLanguageService()->‪sL('LLL:EXT:workspaces/Resources/Private/Language/locallang_mod.xlf:stopPreview');
                $stopPreviewText = htmlspecialchars($stopPreviewText);
                if (‪$GLOBALS['BE_USER'] instanceof ‪PreviewUserAuthentication) {
                    $url = $this->‪removePreviewParameterFromUrl($normalizedParams->‪getRequestUri());
                    $urlForStoppingPreview = $normalizedParams->‪getSiteUrl() . 'index.php?returnUrl=' . rawurlencode($url) . '&ADMCMD_prev=LOGOUT';
                    $text .= '<br><a style="color: #000; pointer-events: visible;" href="' . htmlspecialchars($urlForStoppingPreview) . '">' . $stopPreviewText . '</a>';
                }
                $styles = [];
                $styles[] = 'position: fixed';
                $styles[] = 'top: 15px';
                $styles[] = 'right: 15px';
                $styles[] = 'padding: 8px 18px';
                $styles[] = 'background: #fff3cd';
                $styles[] = 'border: 1px solid #ffeeba';
                $styles[] = 'font-family: sans-serif';
                $styles[] = 'font-size: 14px';
                $styles[] = 'font-weight: bold';
                $styles[] = 'color: #856404';
                $styles[] = 'z-index: 20000';
                $styles[] = 'user-select: none';
                $styles[] = 'pointer-events: none';
                $styles[] = 'text-align: center';
                $styles[] = 'border-radius: 2px';
                $content = '<div id="typo3-preview-info" style="' . implode(';', $styles) . '">' . $text . '</div>';
            }
        }
        return $content;
    }
 
    protected function ‪getWorkspaceTitle(int $workspaceId): string
    {
        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
            ->getQueryBuilderForTable('sys_workspace');
        $title = $queryBuilder
            ->select('title')
            ->from('sys_workspace')
            ->where(
                $queryBuilder->expr()->eq(
                    'uid',
                    $queryBuilder->createNamedParameter($workspaceId, \PDO::PARAM_INT)
                )
            )
            ->execute()
            ->fetchColumn();
        return (string)($title !== false ? $title : '');
    }
 
    protected function ‪removePreviewParameterFromUrl(string $url): string
    {
        return (string)preg_replace('/\\&?' . $this->previewKey . '=[[:alnum:]]+/', '', $url);
    }
 
    protected function ‪getLanguageService(): ‪LanguageService
    {
        return ‪$GLOBALS['LANG'] ?: GeneralUtility::makeInstance(LanguageService::class);
    }
 
    protected function ‪setBackendUserAspect(‪Context $context, ‪BackendUserAuthentication $user = null)
    {
        $context->‪setAspect('backend.user', GeneralUtility::makeInstance(UserAspect::class, $user));
        $context->‪setAspect('workspace', GeneralUtility::makeInstance(WorkspaceAspect::class, $user ? $user->workspace : 0));
    }
}