public static function getDevMode() { if (self::$devMode === null) { self::$devMode = t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']); } return self::$devMode; }
/** * Find usergroup records, currently only for frontend * * @param array Data of user. * @param array Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups. * @return mixed Groups array, keys = uid which must be unique */ function getGroups($user, $knownGroups) { global $TYPO3_CONF_VARS; $groupDataArr = array(); if ($this->mode == 'getGroupsFE') { $groups = array(); if (is_array($user) && $user[$this->db_user['usergroup_column']]) { $groupList = $user[$this->db_user['usergroup_column']]; $groups = array(); $this->getSubGroups($groupList, '', $groups); } // ADD group-numbers if the IPmask matches. if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'])) { foreach ($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel) { if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && t3lib_div::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) { $groups[] = intval($IPel[1]); } } } $groups = array_unique($groups); if (count($groups)) { $list = implode(',', $groups); if ($this->writeDevLog) { t3lib_div::devLog('Get usergroups with id: ' . $list, 'tx_sv_auth'); } $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\'' . $this->authInfo['HTTP_HOST'] . '\')'; if (!$this->authInfo['showHiddenRecords']) { $hiddenP = 'AND hidden=0 '; } $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $list . ')' . $lockToDomain_SQL); while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) { $groupDataArr[$row['uid']] = $row; } if ($res) { $GLOBALS['TYPO3_DB']->sql_free_result($res); } } else { if ($this->writeDevLog) { t3lib_div::devLog('No usergroups found.', 'tx_sv_auth', 2); } } } elseif ($this->mode == 'getGroupsBE') { # Get the BE groups here # still needs to be implemented in t3lib_userauthgroup } return $groupDataArr; }
/** * IP-based Access restrictions * @TODO: in util_dev auslagern!? * * @param string $remoteAddress * @param string $devIPmask * @return boolean */ public static function isDevIpMask($remoteAddress = '', $devIPmask = '') { $devIPmask = trim(strcmp($devIPmask, '') ? $devIPmask : $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']); $remoteAddress = trim(strcmp($remoteAddress, '') ? $remoteAddress : t3lib_div::getIndpEnv('REMOTE_ADDR')); return t3lib_div::cmpIP($remoteAddress, $devIPmask); }
/** * Returns a link to the BE login screen with redirect to the front-end * * @return string HTML, a tag for a link to the backend. */ function beLoginLinkIPList() { if (!empty($this->config['config']['beLoginLinkIPList'])) { if (t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $this->config['config']['beLoginLinkIPList'])) { $label = !$this->beUserLogin ? $this->config['config']['beLoginLinkIPList_login'] : $this->config['config']['beLoginLinkIPList_logout']; if ($label) { if (!$this->beUserLogin) { $link = '<a href="' . htmlspecialchars(TYPO3_mainDir . 'index.php?redirect_url=' . rawurlencode(t3lib_div::getIndpEnv('REQUEST_URI'))) . '">' . $label . '</a>'; } else { $link = '<a href="' . htmlspecialchars(TYPO3_mainDir . 'index.php?L=OUT&redirect_url=' . rawurlencode(t3lib_div::getIndpEnv('REQUEST_URI'))) . '">' . $label . '</a>'; } return $link; } } } }
/** * If TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'] is enabled and an IP-list is found in the User TSconfig objString "options.lockToIP", then make an IP comparison with REMOTE_ADDR and return the outcome (true/false) * * @return boolean True, if IP address validates OK (or no check is done at all) * @access private */ function checkLockToIP() { global $TYPO3_CONF_VARS; $out = 1; if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock']) { $IPList = $this->getTSConfigVal('options.lockToIP'); if (trim($IPList)) { $baseIP = t3lib_div::getIndpEnv('REMOTE_ADDR'); $out = t3lib_div::cmpIP($baseIP, $IPList); } } return $out; }
/** * Checks if the current client ip is allowed. * * @param string $whitelist * The ip whitelist. * * @return bool * Whether the current client ip is allowed or not. */ public function isAllowedIp($whitelist) { $remote = $_SERVER['REMOTE_ADDR']; // Use TYPO3 v6+ cmpIP if possible. if (is_callable(array('TYPO3\\CMS\\Core\\Utility\\GeneralUtility', 'cmpIP'))) { return \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($remote, $whitelist); } // Use TYPO3 v6- cmpIP if possible. if (is_callable(array('t3lib_div', 'cmpIP'))) { return \t3lib_div::cmpIP($remote, $whitelist); } // Fallback to the Chin Leung implementation. // @author Chin Leung // @see https://stackoverflow.com/questions/35559119/php-ip-address-whitelist-with-wildcards $whitelist = explode(',', $whitelist); if (in_array($remote, $whitelist)) { // If the ip is matched, return true. return true; } else { // Check the wildcards. foreach ($whitelist as $ip) { $ip = trim($ip); $wildcardPos = strpos($ip, "*"); # Check if the ip has a wildcard if ($wildcardPos !== false && substr($remote, 0, $wildcardPos) . "*" == $ip) { return true; } } } return false; }
// ********************* if ($temp_extId = t3lib_div::_GP('eID')) { if ($classPath = t3lib_div::getFileAbsFileName($TYPO3_CONF_VARS['FE']['eID_include'][$temp_extId])) { // Remove any output produced until now ob_clean(); require $classPath; } exit; } // *********************************** // Create $TSFE object (TSFE = TypoScript Front End) // Connecting to database // *********************************** $TSFE = t3lib_div::makeInstance('tslib_fe', $TYPO3_CONF_VARS, t3lib_div::_GP('id'), t3lib_div::_GP('type'), t3lib_div::_GP('no_cache'), t3lib_div::_GP('cHash'), t3lib_div::_GP('jumpurl'), t3lib_div::_GP('MP'), t3lib_div::_GP('RDCT')); /** @var $TSFE tslib_fe */ if ($TYPO3_CONF_VARS['FE']['pageUnavailable_force'] && !t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['SYS']['devIPmask'])) { $TSFE->pageUnavailableAndExit('This page is temporarily unavailable.'); } $TSFE->connectToDB(); // In case of a keyword-authenticated preview, re-initialize the TSFE object: if ($temp_previewConfig = $TSFE->ADMCMD_preview()) { $TSFE = t3lib_div::makeInstance('tslib_fe', $TYPO3_CONF_VARS, t3lib_div::_GP('id'), t3lib_div::_GP('type'), t3lib_div::_GP('no_cache'), t3lib_div::_GP('cHash'), t3lib_div::_GP('jumpurl'), t3lib_div::_GP('MP'), t3lib_div::_GP('RDCT')); $TSFE->ADMCMD_preview_postInit($temp_previewConfig); } if ($TSFE->RDCT) { $TSFE->sendRedirect(); } // ******************* // Output compression // ******************* // Remove any output produced until now
/** * Evaluates a TypoScript condition given as input, eg. "[browser=net][...(other conditions)...]" * * @param string The condition to match against its criterias. * @return mixed Returns true or false based on the evaluation */ protected function evaluateConditionCommon($key, $value) { if (t3lib_div::inList('browser,version,system,useragent', strtolower($key))) { $browserInfo = $this->getBrowserInfo(t3lib_div::getIndpEnv('HTTP_USER_AGENT')); } switch ($key) { case 'browser': $values = t3lib_div::trimExplode(',', $value, true); // take all identified browsers into account, eg chrome deliver // webkit=>532.5, chrome=>4.1, safari=>532.5 // so comparing string will be // "webkit532.5 chrome4.1 safari532.5" $all = ''; foreach ($browserInfo['all'] as $key => $value) { $all .= $key . $value . ' '; } foreach ($values as $test) { if (stripos($all, $test) !== false) { return true; } } break; case 'version': $values = t3lib_div::trimExplode(',', $value, true); foreach ($values as $test) { if (strcspn($test, '=<>') == 0) { switch (substr($test, 0, 1)) { case '=': if (doubleval(substr($test, 1)) == $browserInfo['version']) { return true; } break; case '<': if (doubleval(substr($test, 1)) > $browserInfo['version']) { return true; } break; case '>': if (doubleval(substr($test, 1)) < $browserInfo['version']) { return true; } break; } } else { if (strpos(' ' . $browserInfo['version'], $test) == 1) { return true; } } } break; case 'system': $values = t3lib_div::trimExplode(',', $value, true); foreach ($values as $test) { if (strpos(' ' . $browserInfo['system'], $test) == 1) { return true; } } break; case 'device': if (!isset($this->deviceInfo)) { $this->deviceInfo = $this->getDeviceType(t3lib_div::getIndpEnv('HTTP_USER_AGENT')); } $values = t3lib_div::trimExplode(',', $value, true); foreach ($values as $test) { if ($this->deviceInfo == $test) { return true; } } break; case 'useragent': $test = trim($value); if (strlen($test)) { return $this->searchStringWildcard($browserInfo['useragent'], $test); } break; case 'language': $values = t3lib_div::trimExplode(',', $value, true); foreach ($values as $test) { if (preg_match('/^\\*.+\\*$/', $test)) { $allLanguages = preg_split('/[,;]/', t3lib_div::getIndpEnv('HTTP_ACCEPT_LANGUAGE')); if (in_array(substr($test, 1, -1), $allLanguages)) { return true; } } else { if (t3lib_div::getIndpEnv('HTTP_ACCEPT_LANGUAGE') == $test) { return true; } } } break; case 'IP': if (t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $value)) { return true; } break; case 'hostname': if (t3lib_div::cmpFQDN(t3lib_div::getIndpEnv('REMOTE_ADDR'), $value)) { return true; } break; // hour, minute, dayofweek, dayofmonth, month, year, julianday // hour, minute, dayofweek, dayofmonth, month, year, julianday case 'hour': case 'minute': case 'month': case 'year': case 'dayofweek': case 'dayofmonth': case 'dayofyear': $theEvalTime = $GLOBALS['SIM_EXEC_TIME']; // In order to simulate time properly in templates. switch ($key) { case 'hour': $theTestValue = date('H', $theEvalTime); break; case 'minute': $theTestValue = date('i', $theEvalTime); break; case 'month': $theTestValue = date('m', $theEvalTime); break; case 'year': $theTestValue = date('Y', $theEvalTime); break; case 'dayofweek': $theTestValue = date('w', $theEvalTime); break; case 'dayofmonth': $theTestValue = date('d', $theEvalTime); break; case 'dayofyear': $theTestValue = date('z', $theEvalTime); break; } $theTestValue = intval($theTestValue); // comp $values = t3lib_div::trimExplode(',', $value, true); foreach ($values as $test) { if (t3lib_div::testInt($test)) { $test = '=' . $test; } if ($this->compareNumber($test, $theTestValue)) { return true; } } break; case 'compatVersion': return t3lib_div::compat_version($value); break; case 'loginUser': if ($this->isUserLoggedIn()) { $values = t3lib_div::trimExplode(',', $value, true); foreach ($values as $test) { if ($test == '*' || !strcmp($this->getUserId(), $test)) { return true; } } } else { if ($value === '') { return TRUE; } } break; case 'globalVar': $values = t3lib_div::trimExplode(',', $value, true); foreach ($values as $test) { $point = strcspn($test, '!=<>'); $theVarName = substr($test, 0, $point); $nv = $this->getVariable(trim($theVarName)); $testValue = substr($test, $point); if ($this->compareNumber($testValue, $nv)) { return true; } } break; case 'globalString': $values = t3lib_div::trimExplode(',', $value, true); foreach ($values as $test) { $point = strcspn($test, '='); $theVarName = substr($test, 0, $point); $nv = $this->getVariable(trim($theVarName)); $testValue = substr($test, $point + 1); if ($this->searchStringWildcard($nv, trim($testValue))) { return true; } } break; case 'userFunc': $values = preg_split('/\\(|\\)/', $value); $funcName = trim($values[0]); $funcValue = t3lib_div::trimExplode(',', $values[1]); $prefix = $this->getUserFuncClassPrefix(); if ($prefix && !t3lib_div::isFirstPartOfStr(trim($funcName), $prefix) && !t3lib_div::isFirstPartOfStr(trim($funcName), 'tx_')) { $this->log('Match condition: Function "' . $funcName . '" was not prepended with "' . $prefix . '"'); return false; } if (function_exists($funcName) && call_user_func($funcName, $funcValue[0])) { return true; } break; } return NULL; }
public function initFE() { global $TT, $TSFE; // *********************************** // Create $TSFE object (TSFE = TypoScript Front End) // Connecting to database // *********************************** $TSFE = t3lib_div::makeInstance('tslib_fe', $TYPO3_CONF_VARS, t3lib_div::_GP('id'), t3lib_div::_GP('type'), t3lib_div::_GP('no_cache'), t3lib_div::_GP('cHash'), t3lib_div::_GP('jumpurl'), t3lib_div::_GP('MP'), t3lib_div::_GP('RDCT')); if ($TYPO3_CONF_VARS['FE']['pageUnavailable_force'] && !t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['SYS']['devIPmask'])) { $TSFE->pageUnavailableAndExit('This page is temporarily unavailable.'); } $TSFE->connectToDB(); if ($TSFE->RDCT) { $TSFE->sendRedirect(); } // ********* // FE_USER // ********* $TT->push('Front End user initialized', ''); $TSFE->initFEuser(); $TT->pull(); // ***************************************** // Proces the ID, type and other parameters // After this point we have an array, $page in TSFE, which is the // page-record of the current page, $id // ***************************************** $TT->push('Process ID', ''); // not needed and doesnot work with realurl // $TSFE->checkAlternativeIdMethods(); $TSFE->clear_preview(); $TSFE->determineId(); // Now, if there is a backend user logged in and he has NO access to // this page, then re-evaluate the id shown! if ($TSFE->beUserLogin && !$BE_USER->extPageReadAccess($TSFE->page)) { // Remove user unset($BE_USER); $TSFE->beUserLogin = 0; // Re-evaluate the page-id. $TSFE->checkAlternativeIdMethods(); $TSFE->clear_preview(); $TSFE->determineId(); } $TSFE->makeCacheHash(); $TT->pull(); // ******************************************* // Get compressed $TCA-Array(); // After this, we should now have a valid $TCA, though minimized // ******************************************* $TSFE->getCompressedTCarray(); // ******************************** // Starts the template // ******************************* $TT->push('Start Template', ''); $TSFE->initTemplate(); $TSFE->tmpl->getFileName_backPath = PATH_site; $TT->pull(); // ****************************************************** // Get config if not already gotten // After this, we should have a valid config-array ready // ****************************************************** $TSFE->getConfigArray(); }
/** * Explain select queries * If $this->explainOutput is set, SELECT queries will be explained here. Only queries with more than one possible result row will be displayed. * The output is either printed as raw HTML output or embedded into the TS admin panel (checkbox must be enabled!) * * TODO: Feature is not DBAL-compliant * * @param string SQL query * @param string Table(s) from which to select. This is what comes right after "FROM ...". Required value. * @param integer Number of resulting rows * @return boolean True if explain was run, false otherwise */ protected function explain($query, $from_table, $row_count) { if ((int) $this->explainOutput == 1 || (int) $this->explainOutput == 2 && t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) { // raw HTML output $explainMode = 1; } elseif ((int) $this->explainOutput == 3 && is_object($GLOBALS['TT'])) { // embed the output into the TS admin panel $explainMode = 2; } else { return FALSE; } $error = $this->sql_error(); $trail = t3lib_utility_Debug::debugTrail(); $explain_tables = array(); $explain_output = array(); $res = $this->sql_query('EXPLAIN ' . $query, $this->link); if (is_resource($res)) { while ($tempRow = $this->sql_fetch_assoc($res)) { $explain_output[] = $tempRow; $explain_tables[] = $tempRow['table']; } $this->sql_free_result($res); } $indices_output = array(); // Notice: Rows are skipped if there is only one result, or if no conditions are set if ($explain_output[0]['rows'] > 1 || t3lib_div::inList('ALL', $explain_output[0]['type'])) { // only enable output if it's really useful $debug = TRUE; foreach ($explain_tables as $table) { $tableRes = $this->sql_query('SHOW TABLE STATUS LIKE \'' . $table . '\''); $isTable = $this->sql_num_rows($tableRes); if ($isTable) { $res = $this->sql_query('SHOW INDEX FROM ' . $table, $this->link); if (is_resource($res)) { while ($tempRow = $this->sql_fetch_assoc($res)) { $indices_output[] = $tempRow; } $this->sql_free_result($res); } } $this->sql_free_result($tableRes); } } else { $debug = FALSE; } if ($debug) { if ($explainMode) { $data = array(); $data['query'] = $query; $data['trail'] = $trail; $data['row_count'] = $row_count; if ($error) { $data['error'] = $error; } if (count($explain_output)) { $data['explain'] = $explain_output; } if (count($indices_output)) { $data['indices'] = $indices_output; } if ($explainMode == 1) { t3lib_utility_Debug::debug($data, 'Tables: ' . $from_table, 'DB SQL EXPLAIN'); } elseif ($explainMode == 2) { $GLOBALS['TT']->setTSselectQuery($data); } } return TRUE; } return FALSE; }
function debug($variable = '', $name = '*variable*', $line = '*line*', $file = '*file*', $recursiveDepth = 3, $debugLevel = E_DEBUG) { // If you wish to use the debug()-function, and it does not output something, please edit the IP mask in TYPO3_CONF_VARS if (!t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) { return; } if (is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'], 'debug'))) { $GLOBALS['error']->debug($variable, $name, $line, $file, $recursiveDepth, $debugLevel); } else { $title = $name === '*variable*' ? '' : $name; $group = $line === '*line*' ? NULL : $line; t3lib_div::debug($variable, $title, $group); } }
/** * Abstraction method which returns System Environment Variables regardless of server OS, CGI/MODULE version etc. Basically this is SERVER variables for most of them. * This should be used instead of getEnv() and $_SERVER/ENV_VARS to get reliable values for all situations. * Usage: 221 * * @param string Name of the "environment variable"/"server variable" you wish to use. Valid values are SCRIPT_NAME, SCRIPT_FILENAME, REQUEST_URI, PATH_INFO, REMOTE_ADDR, REMOTE_HOST, HTTP_REFERER, HTTP_HOST, HTTP_USER_AGENT, HTTP_ACCEPT_LANGUAGE, QUERY_STRING, TYPO3_DOCUMENT_ROOT, TYPO3_HOST_ONLY, TYPO3_HOST_ONLY, TYPO3_REQUEST_HOST, TYPO3_REQUEST_URL, TYPO3_REQUEST_SCRIPT, TYPO3_REQUEST_DIR, TYPO3_SITE_URL, _ARRAY * @return string Value based on the input key, independent of server/os environment. */ public static function getIndpEnv($getEnvName) { /* Conventions: output from parse_url(): URL: http://username:password@192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value#link1 [scheme] => 'http' [user] => 'username' [pass] => 'password' [host] => '192.168.1.4' [port] => '8080' [path] => '/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/' [query] => 'arg1,arg2,arg3&p1=parameter1&p2[key]=value' [fragment] => 'link1' Further definition: [path_script] = '/typo3/32/temp/phpcheck/index.php' [path_dir] = '/typo3/32/temp/phpcheck/' [path_info] = '/arg1/arg2/arg3/' [path] = [path_script/path_dir][path_info] Keys supported: URI______: REQUEST_URI = [path]?[query] = /typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value HTTP_HOST = [host][:[port]] = 192.168.1.4:8080 SCRIPT_NAME = [path_script]++ = /typo3/32/temp/phpcheck/index.php // NOTICE THAT SCRIPT_NAME will return the php-script name ALSO. [path_script] may not do that (eg. '/somedir/' may result in SCRIPT_NAME '/somedir/index.php')! PATH_INFO = [path_info] = /arg1/arg2/arg3/ QUERY_STRING = [query] = arg1,arg2,arg3&p1=parameter1&p2[key]=value HTTP_REFERER = [scheme]://[host][:[port]][path] = http://192.168.1.4:8080/typo3/32/temp/phpcheck/index.php/arg1/arg2/arg3/?arg1,arg2,arg3&p1=parameter1&p2[key]=value (Notice: NO username/password + NO fragment) CLIENT____: REMOTE_ADDR = (client IP) REMOTE_HOST = (client host) HTTP_USER_AGENT = (client user agent) HTTP_ACCEPT_LANGUAGE = (client accept language) SERVER____: SCRIPT_FILENAME = Absolute filename of script (Differs between windows/unix). On windows 'C:\\blabla\\blabl\\' will be converted to 'C:/blabla/blabl/' Special extras: TYPO3_HOST_ONLY = [host] = 192.168.1.4 TYPO3_PORT = [port] = 8080 (blank if 80, taken from host value) TYPO3_REQUEST_HOST = [scheme]://[host][:[port]] TYPO3_REQUEST_URL = [scheme]://[host][:[port]][path]?[query] (scheme will by default be "http" until we can detect something different) TYPO3_REQUEST_SCRIPT = [scheme]://[host][:[port]][path_script] TYPO3_REQUEST_DIR = [scheme]://[host][:[port]][path_dir] TYPO3_SITE_URL = [scheme]://[host][:[port]][path_dir] of the TYPO3 website frontend TYPO3_SITE_SCRIPT = [script / Speaking URL] of the TYPO3 website TYPO3_DOCUMENT_ROOT = Absolute path of root of documents: TYPO3_DOCUMENT_ROOT.SCRIPT_NAME = SCRIPT_FILENAME (typically) TYPO3_SSL = Returns TRUE if this session uses SSL/TLS (https) TYPO3_PROXY = Returns TRUE if this session runs over a well known proxy Notice: [fragment] is apparently NEVER available to the script! Testing suggestions: - Output all the values. - In the script, make a link to the script it self, maybe add some parameters and click the link a few times so HTTP_REFERER is seen - ALSO TRY the script from the ROOT of a site (like 'http://www.mytest.com/' and not 'http://www.mytest.com/test/' !!) */ # if ($getEnvName=='HTTP_REFERER') return ''; $retVal = ''; switch ((string) $getEnvName) { case 'SCRIPT_NAME': $retVal = (php_sapi_name() == 'cgi' || php_sapi_name() == 'cgi-fcgi') && ($_SERVER['ORIG_PATH_INFO'] ? $_SERVER['ORIG_PATH_INFO'] : $_SERVER['PATH_INFO']) ? $_SERVER['ORIG_PATH_INFO'] ? $_SERVER['ORIG_PATH_INFO'] : $_SERVER['PATH_INFO'] : ($_SERVER['ORIG_SCRIPT_NAME'] ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME']); // add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) { if (t3lib_div::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) { $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal; } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) { $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal; } } break; case 'SCRIPT_FILENAME': $retVal = str_replace('//', '/', str_replace('\\', '/', (php_sapi_name() == 'cgi' || php_sapi_name() == 'isapi' || php_sapi_name() == 'cgi-fcgi') && ($_SERVER['ORIG_PATH_TRANSLATED'] ? $_SERVER['ORIG_PATH_TRANSLATED'] : $_SERVER['PATH_TRANSLATED']) ? $_SERVER['ORIG_PATH_TRANSLATED'] ? $_SERVER['ORIG_PATH_TRANSLATED'] : $_SERVER['PATH_TRANSLATED'] : ($_SERVER['ORIG_SCRIPT_FILENAME'] ? $_SERVER['ORIG_SCRIPT_FILENAME'] : $_SERVER['SCRIPT_FILENAME']))); break; case 'REQUEST_URI': // Typical application of REQUEST_URI is return urls, forms submitting to itself etc. Example: returnUrl='.rawurlencode(t3lib_div::getIndpEnv('REQUEST_URI')) if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar']) { // This is for URL rewriters that store the original URI in a server variable (eg ISAPI_Rewriter for IIS: HTTP_X_REWRITE_URL) list($v, $n) = explode('|', $GLOBALS['TYPO3_CONF_VARS']['SYS']['requestURIvar']); $retVal = $GLOBALS[$v][$n]; } elseif (!$_SERVER['REQUEST_URI']) { // This is for ISS/CGI which does not have the REQUEST_URI available. $retVal = '/' . ereg_replace('^/', '', t3lib_div::getIndpEnv('SCRIPT_NAME')) . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : ''); } else { $retVal = $_SERVER['REQUEST_URI']; } // add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) { if (t3lib_div::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) { $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'] . $retVal; } elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) { $retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'] . $retVal; } } break; case 'PATH_INFO': // $_SERVER['PATH_INFO']!=$_SERVER['SCRIPT_NAME'] is necessary because some servers (Windows/CGI) are seen to set PATH_INFO equal to script_name // Further, there must be at least one '/' in the path - else the PATH_INFO value does not make sense. // IF 'PATH_INFO' never works for our purpose in TYPO3 with CGI-servers, then 'php_sapi_name()=='cgi'' might be a better check. Right now strcmp($_SERVER['PATH_INFO'],t3lib_div::getIndpEnv('SCRIPT_NAME')) will always return false for CGI-versions, but that is only as long as SCRIPT_NAME is set equal to PATH_INFO because of php_sapi_name()=='cgi' (see above) // if (strcmp($_SERVER['PATH_INFO'],t3lib_div::getIndpEnv('SCRIPT_NAME')) && count(explode('/',$_SERVER['PATH_INFO']))>1) { if (php_sapi_name() != 'cgi' && php_sapi_name() != 'cgi-fcgi') { $retVal = $_SERVER['PATH_INFO']; } break; case 'TYPO3_REV_PROXY': $retVal = t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP']); break; case 'REMOTE_ADDR': $retVal = $_SERVER['REMOTE_ADDR']; if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) { $ip = t3lib_div::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); // choose which IP in list to use if (count($ip)) { switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) { case 'last': $ip = array_pop($ip); break; case 'first': $ip = array_shift($ip); break; case 'none': default: $ip = ''; break; } } if (t3lib_div::validIP($ip)) { $retVal = $ip; } } break; case 'HTTP_HOST': $retVal = $_SERVER['HTTP_HOST']; if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) { $host = t3lib_div::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_HOST']); // choose which host in list to use if (count($host)) { switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) { case 'last': $host = array_pop($host); break; case 'first': $host = array_shift($host); break; case 'none': default: $host = ''; break; } } if ($host) { $retVal = $host; } } break; // These are let through without modification // These are let through without modification case 'HTTP_REFERER': case 'HTTP_USER_AGENT': case 'HTTP_ACCEPT_ENCODING': case 'HTTP_ACCEPT_LANGUAGE': case 'REMOTE_HOST': case 'QUERY_STRING': $retVal = $_SERVER[$getEnvName]; break; case 'TYPO3_DOCUMENT_ROOT': // Some CGI-versions (LA13CGI) and mod-rewrite rules on MODULE versions will deliver a 'wrong' DOCUMENT_ROOT (according to our description). Further various aliases/mod_rewrite rules can disturb this as well. // Therefore the DOCUMENT_ROOT is now always calculated as the SCRIPT_FILENAME minus the end part shared with SCRIPT_NAME. $SFN = t3lib_div::getIndpEnv('SCRIPT_FILENAME'); $SN_A = explode('/', strrev(t3lib_div::getIndpEnv('SCRIPT_NAME'))); $SFN_A = explode('/', strrev($SFN)); $acc = array(); foreach ($SN_A as $kk => $vv) { if (!strcmp($SFN_A[$kk], $vv)) { $acc[] = $vv; } else { break; } } $commonEnd = strrev(implode('/', $acc)); if (strcmp($commonEnd, '')) { $DR = substr($SFN, 0, -(strlen($commonEnd) + 1)); } $retVal = $DR; break; case 'TYPO3_HOST_ONLY': $p = explode(':', t3lib_div::getIndpEnv('HTTP_HOST')); $retVal = $p[0]; break; case 'TYPO3_PORT': $p = explode(':', t3lib_div::getIndpEnv('HTTP_HOST')); $retVal = $p[1]; break; case 'TYPO3_REQUEST_HOST': $retVal = (t3lib_div::getIndpEnv('TYPO3_SSL') ? 'https://' : 'http://') . t3lib_div::getIndpEnv('HTTP_HOST'); break; case 'TYPO3_REQUEST_URL': $retVal = t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') . t3lib_div::getIndpEnv('REQUEST_URI'); break; case 'TYPO3_REQUEST_SCRIPT': $retVal = t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') . t3lib_div::getIndpEnv('SCRIPT_NAME'); break; case 'TYPO3_REQUEST_DIR': $retVal = t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') . t3lib_div::dirname(t3lib_div::getIndpEnv('SCRIPT_NAME')) . '/'; break; case 'TYPO3_SITE_URL': if (defined('PATH_thisScript') && defined('PATH_site')) { $lPath = substr(dirname(PATH_thisScript), strlen(PATH_site)) . '/'; $url = t3lib_div::getIndpEnv('TYPO3_REQUEST_DIR'); $siteUrl = substr($url, 0, -strlen($lPath)); if (substr($siteUrl, -1) != '/') { $siteUrl .= '/'; } $retVal = $siteUrl; } break; case 'TYPO3_SITE_SCRIPT': $retVal = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'), strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL'))); break; case 'TYPO3_SSL': $proxySSL = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL']); if ($proxySSL == '*') { $proxySSL = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP']; } if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $proxySSL)) { $retVal = true; } else { $retVal = $_SERVER['SSL_SESSION_ID'] || !strcmp($_SERVER['HTTPS'], 'on') || !strcmp($_SERVER['HTTPS'], '1') ? true : false; // see http://bugs.typo3.org/view.php?id=3909 } break; case '_ARRAY': $out = array(); // Here, list ALL possible keys to this function for debug display. $envTestVars = t3lib_div::trimExplode(',', ' HTTP_HOST, TYPO3_HOST_ONLY, TYPO3_PORT, PATH_INFO, QUERY_STRING, REQUEST_URI, HTTP_REFERER, TYPO3_REQUEST_HOST, TYPO3_REQUEST_URL, TYPO3_REQUEST_SCRIPT, TYPO3_REQUEST_DIR, TYPO3_SITE_URL, TYPO3_SITE_SCRIPT, TYPO3_SSL, TYPO3_REV_PROXY, SCRIPT_NAME, TYPO3_DOCUMENT_ROOT, SCRIPT_FILENAME, REMOTE_ADDR, REMOTE_HOST, HTTP_USER_AGENT, HTTP_ACCEPT_LANGUAGE', 1); foreach ($envTestVars as $v) { $out[$v] = t3lib_div::getIndpEnv($v); } reset($out); $retVal = $out; break; } return $retVal; }
/** * The main method of the Plugin * * @return Mixed Either returns an error or sends a redirect header */ public function main() { // Declare globals global $BE_USER, $LANG, $BACK_PATH, $TCA_DESCR, $TCA, $CLIENT, $TYPO3_CONF_VARS; // Set the path to phpMyAdmin $extPath = t3lib_extMgm::extPath('phpmyadmin'); $typo3DocumentRoot = t3lib_div::getIndpEnv('TYPO3_DOCUMENT_ROOT'); // Set class config for module $this->MCONF = $GLOBALS['MCONF']; // Get config $extensionConfiguration = unserialize($TYPO3_CONF_VARS['EXT']['extConf']['phpmyadmin']); // IP-based Access restrictions $devIPmask = trim($TYPO3_CONF_VARS['SYS']['devIPmask']); $remoteAddress = t3lib_div::getIndpEnv('REMOTE_ADDR'); // Check for IP restriction (devIpMask), and die if not allowed $useDevIpMask = (bool) $extensionConfiguration['useDevIpMask']; if ($useDevIpMask === TRUE) { // Abort if devIPmask is wildcarded if ($devIPmask != '*') { $message = '<h1>Access Denied</h1> <p> This phpMyAdmin-Module was configured with IP-based access restrictions and your REMOTE_ADDR (' . $remoteAddress . ') is not in TYPO3 devIPmask (' . $devIPmask . '). </p>'; if (!t3lib_div::cmpIP($remoteAddress, $devIPmask)) { die($message); } } } // Check for ip restriction, and die if not allowed $allowedIps = trim($extensionConfiguration['allowedIps']); if (!empty($allowedIps)) { $message = '<h1>Access Denied</h1> <p> This phpMyAdmin-Module was configured with IP-based access restrictions and your REMOTE_ADDR (' . $remoteAddress . ') is not in the list of allowed IPs (' . $allowedIps . '). </p>'; if (!t3lib_div::cmpIP($remoteAddress, $allowedIps)) { die($message); } } // Path to install dir $this->MCONF['PMA_absolute_path'] = $extPath . $this->MCONF['PMA_subdir']; // PMA uses relative file inclusion, so we need to ensure a proper include_path @set_include_path($this->MCONF['PMA_absolute_path'] . PATH_SEPARATOR . get_include_path()); // Path to web dir $this->MCONF['PMA_relative_path'] = t3lib_extMgm::extRelPath('phpmyadmin') . $this->MCONF['PMA_subdir']; // If phpMyAdmin is configured in the conf.php script, we continue to load it... if ($this->MCONF['PMA_absolute_path'] && @is_dir($this->MCONF['PMA_absolute_path'])) { // Need to have cookie visible from parent directory session_set_cookie_params(0, '/', '', 0); // Create signon session $session_name = 'tx_phpmyadmin'; session_name($session_name); session_start(); // Store the credentials in the session $_SESSION['PMA_single_signon_user'] = TYPO3_db_username; $_SESSION['PMA_single_signon_password'] = TYPO3_db_password; $_SESSION['PMA_single_signon_host'] = TYPO3_db_host; $_SESSION['PMA_single_signon_only_db'] = TYPO3_db; // Configure some other parameters $_SESSION['PMA_extConf'] = $TYPO3_CONF_VARS['EXT']['extConf']['phpmyadmin']; $_SESSION['PMA_hideOtherDBs'] = $extensionConfiguration['hideOtherDBs']; // Get signon uri for redirect $path_ext = substr($extPath, strlen($typo3DocumentRoot), strlen($extPath)); $path_ext = substr($path_ext, 0, 1) != '/' ? '/' . $path_ext : $path_ext; $path_pma = $path_ext . $this->MCONF['PMA_subdir']; $_SESSION['PMA_SignonURL'] = $path_pma . 'index.php'; // Try to get the TYPO3 backend uri even if it's installed in a subdirectory // Compile logout path and add a slash if the returned string does not start with $path_typo3 = substr(PATH_typo3, strlen($typo3DocumentRoot), strlen(PATH_typo3)); $path_typo3 = substr($path_typo3, 0, 1) != '/' ? '/' . $path_typo3 : $path_typo3; $_SESSION['PMA_LogoutURL'] = $path_typo3 . 'logout.php'; // Prepend document root if uploadDir does not start with a slash "/" $extensionConfiguration['uploadDir'] = trim($extensionConfiguration['uploadDir']); if (strpos($extensionConfiguration['uploadDir'], '/') !== 0) { $_SESSION['PMA_uploadDir'] = $typo3DocumentRoot . '/' . $extensionConfiguration['uploadDir']; } else { $_SESSION['PMA_uploadDir'] = $extensionConfiguration['uploadDir']; } $_SESSION['PMA_typo_db'] = TYPO3_db; // Check if Ajax is enabled by config - @see http://forge.typo3.org/issues/51384 $ajaxEnable = (bool) $extensionConfiguration['ajaxEnable']; if ($ajaxEnable === TRUE) { $_SESSION['AjaxEnable'] = TRUE; } else { $_SESSION['AjaxEnable'] = FALSE; } $id = session_id(); // Force to set the cookie according to issue #8884 // http://bugs.typo3.org/view.php?id=8884#c23323 setcookie($session_name, $id, 0, '/', ''); // Close that session session_write_close(); // Mapping language keys for phpMyAdmin $LANG_KEY_MAP = array('dk' => 'da', 'de' => 'de', 'no' => 'no', 'it' => 'it', 'fr' => 'fr', 'es' => 'es', 'nl' => 'nl', 'cz' => 'cs-iso', 'pl' => 'pl', 'si' => 'sk'); $LANG_KEY = $LANG_KEY_MAP[$LANG->lang]; if (!$LANG_KEY) { $LANG_KEY = 'en'; } // Redirect to phpMyAdmin (should use absolute URL here!), setting default database $redirect_uri = $_SESSION['PMA_SignonURL'] . '?lang=' . $LANG_KEY . '&db=' . urlencode(TYPO3_db); // Build and set cache-header header $headers = array('Expires: Mon, 26 Jul 1997 05:00:00 GMT', 'Pragma: no-cache', 'Cache-Control: private', 'Location: ' . $redirect_uri); // Send all headers foreach ($headers as $header) { header($header); } } else { // No configuration set $this->doc = t3lib_div::makeInstance('mediumDoc'); $this->doc->backPath = $BACK_PATH; $this->content = $this->doc->startPage($LANG->getLL('title')); $this->content .= ' <h3>phpMyAdmin module was not installed?</h3> ' . ($this->MCONF['PMA_subdir'] && !@is_dir($this->MCONF['PMA_subdir']) ? '<hr /><strong>ERROR: The directory, ' . $this->MCONF['PMA_subdir'] . ', was NOT found!</strong><HR>' : '') . ' '; $this->content .= $this->doc->endPage(); } }
/** * Standard init function * Initializes : * - the reference to the parent Extension ( stored in $this->_oParent ) * - the XML conf * - the internal collection of Validators * - the internal collection of DataHandlers * - the internal collection of Renderers * - the internal collection of Renderlets * - the Renderer as configured in the XML conf in the /formidable/control/renderer/ section * - the DataHandler as configured in the XML conf in the /formidable/control/datahandler/ section * * // CURRENT SERVER EVENT CHECKPOINTS ( means when to process the even; ex: <onclick runat="server" when="after-compilation" /> ) * // DEFAULT IS *after-init* * // * // start * // before-compilation * // before-compilation * // after-compilation * // before-init * // before-init-renderer * // after-init-renderer * // before-init-renderlets * // after-init-renderlets * // before-init-datahandler * // after-init-datahandler * // after-init * // before-render * // after-render * // end * * @param object Parent extension using FORMidable * @param mixed Absolute path to the XML configuration file * @param [type] $iForcedEntryId: ... * @return void */ function init(&$oParent, $mXml, $iForcedEntryId = FALSE) { $this->garbageCollector(); $this->sessionStart(); $this->start_tstamp = t3lib_div::milliseconds(); $this->makeHtmlParser(); $this->_makeJsonObj(); if ($this->__getEnvExecMode() !== "FE") { // virtualizing FE for BE and eID (ajax) modes $this->__virtualizeFE(); } /***** BASE INIT ***** * */ $this->sExtPath = PATH_formidable; $this->sExtRelPath = t3lib_extMgm::siteRelPath("ameos_formidable"); $this->sExtWebPath = t3lib_div::getIndpEnv("TYPO3_SITE_URL") . t3lib_extMgm::siteRelPath("ameos_formidable"); $this->sApiVersion = $GLOBALS["TYPO3_CONF_VARS"]["EXTCONF"]["ameos_formidable"]["ext_emconf.php"]["version"]; $this->sApiVersionInt = t3lib_div::int_from_ver($GLOBALS["TYPO3_CONF_VARS"]["EXTCONF"]["ameos_formidable"]["ext_emconf.php"]["version"]); $this->conf =& $GLOBALS["TSFE"]->config["config"]["tx_ameosformidable."]; $this->_oParent =& $oParent; $this->oParent =& $oParent; $this->aTempDebug = array(); $this->_loadDeclaredDataSources(); $this->_loadDeclaredValidators(); $this->_loadDeclaredDataHandlers(); $this->_loadDeclaredRenderers(); $this->_loadDeclaredRenderlets(); $this->_loadDeclaredActionlets(); /***** XML INIT ***** * */ if ($this->bInitFromTs === FALSE) { /** Cyrille Berliat : Patch to handle direct XML arrays when passed to init */ if (is_array($mXml)) { $this->_aConf = $mXml; } else { $this->_xmlPath = $this->toServerPath($mXml); $this->_loadXmlConf(); } } else { $this->_aConf = $mXml; $this->_aConf = $this->refineTS($this->_aConf); } /***** DEBUG INIT ***** * * After this point raw xml data is available ( means before precompilation ) * So it is now possible to get some basic config from the xml * */ /* determine if meta+control+elements or head+body */ if ($this->_navConf("/head") !== FALSE) { $this->sXpathToMeta = "/head/"; $this->sXpathToControl = "/head/"; } if ($this->_navConf("/body") !== FALSE) { $this->sXpathToElements = "/body/"; } if (t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) { $this->bDebugIP = TRUE; } $this->oJs = t3lib_div::makeInstance("formidable_jslayer"); $this->oJs->_init($this); /***** INIT FORM SIGNATURE ***** * */ $this->formid = $this->_navConf($this->sXpathToMeta . "form/formid"); if (tx_ameosformidable::isRunneable($this->formid)) { $this->formid = $this->callRunneable($this->formid); } //$this->uniqueid = $this->formid . "_" . t3lib_div::shortMd5(serialize($this->_aConf) . "cUid:" . $this->_oParent->cObj->data["uid"], 5); // CHECKING FORMID COLLISION IN PAGE if (!array_key_exists($this->formid, $GLOBALS["TYPO3_CONF_VARS"]["EXTCONF"]["ameos_formidable"]["context"]["forms"])) { $GLOBALS["TYPO3_CONF_VARS"]["EXTCONF"]["ameos_formidable"]["context"]["forms"][$this->formid] = array(); } else { $this->mayday("Two (or more) Formidable are using the same formid '<b>" . $this->formid . "</b>' on this page - cannot continue"); } $this->initAddVars(); $this->buildCodeBehinds(); /***** INIT DEFAULT (TEMPORARY) DATAHANDLER AND RENDERER ***** * * These two instances are meant to be destroyed later in the init process * Useful for giving access to objects at precompilation time * */ $this->oDataHandler =& $this->_makeDefaultDataHandler(); $this->oRenderer =& $this->_makeDefaultRenderer(); /***** INIT EDIT MODE ? ***** * */ if ($iForcedEntryId !== FALSE) { // uid "iForcedEntryId" was passed to init() method of formidable if (($iCurrentEntryId = $this->oDataHandler->_currentEntryId()) !== FALSE) { // there is already an uid asked for edition // it has been passed thru POST var myformid[AMEOSFORMIDABLE_ENTRYID] if ($iForcedEntryId != $iCurrentEntryId) { // the old edited uid is different of the newly asked one // therefore we'll ask formidable to *force* edition of this iForcedEntryId // meaning that formidable should forget field-values passed by POST // and re-take the record from DB $this->forceEntryId($iForcedEntryId); } else { // the old edited uid is the same that the newly asked one // let formidable handle himself the uid passed thru POST var myformid[AMEOSFORMIDABLE_ENTRYID] $iForcedEntryId = FALSE; } } else { $this->forceEntryId($iForcedEntryId); } } elseif (($mUid = $this->_navConf($this->sXpathToControl . "datahandler/editentry")) !== FALSE) { if (tx_ameosformidable::isRunneable($mUid)) { $mUid = $this->callRunneable($mUid); } if (($iCurrentEntryId = $this->oDataHandler->_currentEntryId()) !== FALSE) { if ($mUid != $iCurrentEntryId) { $this->forceEntryId($mUid); } } else { $this->forceEntryId($mUid); } } if ($this->iForcedEntryId === FALSE) { if (($iTempUid = $this->editionRequested()) !== FALSE) { $this->forceEntryId($iTempUid); } else { $this->forceEntryId($iForcedEntryId); } } $aRawPost = $this->_getRawPost(); if (trim($aRawPost["AMEOSFORMIDABLE_SERVEREVENT"]) !== "") { $aServerEventParams = $this->_getServerEventParams(); if (array_key_exists("_sys_earlybird", $aServerEventParams)) { $aEarlyBird = $aServerEventParams["_sys_earlybird"]; $aEvent = $this->_navConf($aEarlyBird["xpath"], $this->_aConf); $this->callRunneable($aEvent, $aServerEventParams); } } /***** XML PRECOMPILATION ***** * * Applying modifiers on the xml structure * Thus producing new parts of xml and deleting some * To get the definitive XML * */ $this->_aConf = $this->_compileConf($this->_aConf, $this->aTempDebug); $this->iDebug = intval($this->_navConf($this->sXpathToMeta . "debug")); if ($this->iDebug > 0) { $this->bDebug = TRUE; } else { $this->bDebug = $this->isTrue($this->sXpathToMeta . "debug/"); if ($this->bDebug) { $this->iDebug = 2; // LIGHT } } $GLOBALS["TYPO3_DB"]->store_lastBuiltQuery = TRUE; if ($this->bDebug) { $GLOBALS["TYPO3_DB"]->debugOutput = TRUE; } /***** GRABBING SERVER EVENTS ***** * * Grabbing the server and ajax events * */ /*$this->_grabServerAndAjaxEvents( $this->_aConf["elements"] );*/ $this->checkPoint(array("start")); $this->bReliableXML = TRUE; // RELIABLE XML DATA CANNOT BE ACCESSED BEFORE THIS POINT // AND THEREFORE NEITHER ALL OBJECTS CONFIGURED BY THIS XML // (END OF XML PRE-COMPILATION) $this->sDefaultLLLPrefix = $this->_navConf($this->sXpathToMeta . "defaultlll"); if (tx_ameosformidable::isRunneable($this->sDefaultLLLPrefix)) { $this->sDefaultLLLPrefix = $this->callRunneable($this->sDefaultLLLPrefix); } if ($this->sDefaultLLLPrefix === FALSE && $this->isParentTypo3Plugin()) { if ($this->oParent->scriptRelPath) { $sLLPhp = "EXT:" . $this->oParent->extKey . "/" . dirname($this->oParent->scriptRelPath) . "/locallang.php"; $sLLXml = "EXT:" . $this->oParent->extKey . "/" . dirname($this->oParent->scriptRelPath) . "/locallang.xml"; if (file_exists($this->toServerPath($sLLPhp))) { $this->sDefaultLLLPrefix = $sLLPhp; } if (file_exists($this->toServerPath($sLLXml))) { $this->sDefaultLLLPrefix = $sLLXml; } } } if ($this->bDebug) { $aTrace = debug_backtrace(); $aLocation = array_shift($aTrace); $this->_debug("User called FORMidable<br>" . "<br>• In :<br>" . " " . $aLocation["file"] . ":" . $aLocation["line"] . "<br>• At :<br>" . " " . $aLocation["class"] . $aLocation["type"] . $aLocation["function"] . "<br>• With args: <br>" . " " . $this->_viewMixed($aLocation["args"]) . ($this->iForcedEntryId !== FALSE ? "<br>• Edition of entry " . $this->iForcedEntryId . " requested" : ""), "INITIALIZATION OF FORMIDABLE"); if (!empty($this->aTempDebug["aIncHierarchy"])) { $this->_debug($this->aTempDebug["aIncHierarchy"], "XML INCLUSION HIERARCHY", FALSE); } else { $this->_debug(null, "NO XML INCLUSION", FALSE); } } $this->checkPoint(array("after-compilation", "before-init", "before-init-renderer")); if (($sAction = $this->_navConf($this->sXpathToMeta . "form/action")) !== FALSE) { if (tx_ameosformidable::isRunneable($sAction)) { $sAction = $this->callRunneable($sAction); } if ($sAction !== FALSE) { $this->sFormAction = trim($sAction); } else { $this->sFormAction = FALSE; } } else { $this->sFormAction = FALSE; } $this->analyzeFormAction(); if ($this->useFHash()) { $this->formActionAdd(array($this->formid => array('fhash' => $this->getFHash()))); } if (($sSandClass = $this->_includeSandBox()) !== FALSE) { $this->_createSandBox($sSandClass); } if (($aOnInit = $this->_navConf($this->sXpathToMeta . "oninit")) !== FALSE && tx_ameosformidable::isRunneable($aOnInit)) { $this->callRunneable($aOnInit); } $this->_initDataSources(); $this->_initRenderer(); $this->checkPoint(array("after-init-renderer", "before-init-renderlets")); $this->_initRenderlets(); $this->fetchServerEvents(); $this->checkPoint(array("after-init-renderlets", "before-init-datahandler")); $this->_initDataHandler($this->iForcedEntryId); $this->checkPoint(array("after-init-datahandler", "after-init")); $this->bInited = TRUE; }
/** * Implementing the access checks that the typo3/init.php script does before a user is ever logged in. * Used in the frontend. * * @return boolean Returns true if access is OK * @see typo3/init.php, t3lib_beuserauth::backendCheckLogin() */ public function checkBackendAccessSettingsFromInitPhp() { global $TYPO3_CONF_VARS; // ********************** // Check Hardcoded lock on BE: // ********************** if ($TYPO3_CONF_VARS['BE']['adminOnly'] < 0) { return FALSE; } // ********************** // Check IP // ********************** if (trim($TYPO3_CONF_VARS['BE']['IPmaskList'])) { if (!t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['BE']['IPmaskList'])) { return FALSE; } } // ********************** // Check SSL (https) // ********************** if (intval($TYPO3_CONF_VARS['BE']['lockSSL']) && $TYPO3_CONF_VARS['BE']['lockSSL'] != 3) { if (!t3lib_div::getIndpEnv('TYPO3_SSL')) { return FALSE; } } // Finally a check from t3lib_beuserauth::backendCheckLogin() if ($this->isUserAllowedToLogin()) { return TRUE; } else { return FALSE; } }
public function execAndProfileQuery($query, $type) { if (empty($GLOBALS['TYPO3_DB']->mysqlprofilerConf['excludeTables'])) { $this->init(); } $isProfiling = $this->isProfiling($query, $type); if ($isProfiling) { $begin = microtime(true); } // exec query if (Typo3profiler_Utility_Compatibility::intFromVer(TYPO3_version) > 6000000) { if (!$this->isConnected) { $this->connectDB(); } $res = $this->link->query($query); } else { $res = mysql_query($query, $this->link); } if ($isProfiling) { $deltatime = round((microtime(true) - $begin) * 1000, 8); if ($GLOBALS['TSFE']->id == 0) { $debugFunc = $this->get_caller_method(3); } else { $debugFunc = $this->get_caller_method(2); } if (TYPO3_MODE == 'BE') { $debugFunc = $this->get_caller_method(3); } $debug = array('type' => $type, 'query' => $query, 'time' => $deltatime, 'backtrace' => $debugFunc, 'typo3mode' => TYPO3_MODE, 'page' => $GLOBALS['TSFE']->id !== null ? $GLOBALS['TSFE']->id : ''); if ($GLOBALS['TYPO3_DB']->mysqlprofilerConf['debugbarenabled'] == 1) { if (t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) { $GLOBALS['debugbar']['queries']->info('[' . $deltatime . '] ' . $query . ' --> ' . $debugFunc['file'] . ' @ ' . $debugFunc['line'] . ' : ' . $debugFunc['function']); } } $this->profiledQueries[] = $debug; if (TYPO3_MODE == 'BE') { $this->cleanSqlLog(); $this->insertSqlLog($debug); } } return $res; }
} else { $fContent = t3lib_div::getUrl(PATH_typo3conf . 'LOCK_BACKEND'); if ($fContent) { header('Location: ' . $fContent); // Redirect } else { throw new RuntimeException('TYPO3 Backend locked: Browser backend is locked for maintenance. Remove lock by removing the file "typo3conf/LOCK_BACKEND" or use CLI-scripts.'); } exit; } } // ********************** // Check IP // ********************** if (trim($TYPO3_CONF_VARS['BE']['IPmaskList']) && !(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI)) { if (!t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['BE']['IPmaskList'])) { header('Status: 404 Not Found'); // Send Not Found header - if the webserver can make use of it... header('Location: http://'); // Just point us away from here... exit; // ... and exit good! } } // ********************** // Check SSL (https) // ********************** if (intval($TYPO3_CONF_VARS['BE']['lockSSL']) && !(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI)) { if (intval($TYPO3_CONF_VARS['BE']['lockSSLPort'])) { $sslPortSuffix = ':' . intval($TYPO3_CONF_VARS['BE']['lockSSLPort']); } else {
/** * Returns human readable variable information output by print_r function * Depending on TYPO3_CONF_VARS['SYS']['displayErrors'] and checks TYPO3_CONF_VARS['SYS']['devIPmask'] if needed to * * @param mixed $theData: Variable to dump (if allowed) * @param string $codeClass: Class to use for pre-tag with SyntaxHighlighter * @param string $blockTitle: Display a title above block * @param boolean $useSyntaxHighlighter: Add some JavaScript to turn on SyntaxHighlighter * @param array $shAdditionalConfig: Manual configuration of SyntaxHighlighter e.g. to add custom brushes * @param string $additionalWrap: Wrap output if not using SyntaxHighlighter * @return string The dumped variable * */ public static function debugOutput($theData, $codeClass = 'plain', $blockTitle = '', $useSyntaxHighlighter = true, $shAdditionalConfig = array(), $additionalWrap = '<pre>|</pre>') { global $TYPO3_CONF_VARS; $result = ''; // If displayErrors is turned on if (($displayErrors = intval($TYPO3_CONF_VARS['SYS']['displayErrors'])) != '-1') { // Check for development IP mask if configured if ($displayErrors == 2) { if (t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['SYS']['devIPmask'])) { $displayErrors = 1; } else { $displayErrors = 0; } } if ($displayErrors == 1) { // Turn off caching if output in frontend if (TYPO3_MODE == 'FE') { $GLOBALS['TSFE']->set_no_cache(); } // Start output buffering ob_start(); print_r($theData); // Store output buffer in variable $result = ob_get_contents(); // Clean output buffer ob_end_clean(); // Style output with SyntaxHighlighter if ($useSyntaxHighlighter) { $shBasicConfig = array('baseUrl' => '/' . t3lib_extMgm::siteRelPath('cps_devlib') . 'Resources/', 'scripts' => 'scripts/', 'styles' => 'styles/', 'theme' => 'Default', 'brushes' => array()); $shBasicConfig = array_merge($shBasicConfig, $shAdditionalConfig); // Try to get brush to load if (!count($shBasicConfig['brushes'])) { $codeClass = strtolower($codeClass); switch ($codeClass) { case 'applescript': $shBasicConfig['brushes'] = array('AppleScript'); break; case 'as3': case 'actionscript3': $shBasicConfig['brushes'] = array('AS3'); break; case 'bash': case 'shell': $shBasicConfig['brushes'] = array('Bash'); break; case 'cf': case 'coldfusion': $shBasicConfig['brushes'] = array('ColdFusion'); break; case 'c#': case 'c-sharp': case 'csharp': $shBasicConfig['brushes'] = array('CSharp'); break; case 'c': case 'cpp': $shBasicConfig['brushes'] = array('Cpp'); break; case 'css': $shBasicConfig['brushes'] = array('Css'); break; case 'delphi': case 'pas': case 'pascal': $shBasicConfig['brushes'] = array('Delphi'); break; case 'diff': case 'patch': $shBasicConfig['brushes'] = array('Diff'); break; case 'erl': case 'erlang': $shBasicConfig['brushes'] = array('Erlang'); break; case 'groovy': $shBasicConfig['brushes'] = array('Groovy'); break; case 'js': case 'jscript': case 'javascript': $shBasicConfig['brushes'] = array('JScript'); break; case 'java': $shBasicConfig['brushes'] = array('Java'); break; case 'jfx': case 'javafx': $shBasicConfig['brushes'] = array('JavaFX'); break; case 'perl': case 'pl': $shBasicConfig['brushes'] = array('Perl'); break; case 'php': $shBasicConfig['brushes'] = array('Php'); break; case 'ps': case 'powershell': $shBasicConfig['brushes'] = array('PowerShell'); break; case 'py': case 'python': $shBasicConfig['brushes'] = array('Python'); break; case 'rails': case 'rb': case 'ror': case 'ruby': $shBasicConfig['brushes'] = array('Ruby'); break; case 'sass': case 'scss': $shBasicConfig['brushes'] = array('Sass'); break; case 'scala': $shBasicConfig['brushes'] = array('Scala'); break; case 'sql': $shBasicConfig['brushes'] = array('Sql'); break; case 'ts': case 'typoscript': $shBasicConfig['brushes'] = array('Typoscript'); break; case 'vb': case 'vbnet': $shBasicConfig['brushes'] = array('Vb'); break; case 'xml': case 'xhtml': case 'xslt': case 'html': case 'xhtml': $shBasicConfig['brushes'] = array('Xml'); break; default: $shBasicConfig['brushes'] = array('Plain'); break; } } // Add SyntaxHighlighter core style tx_cpsdevlib_extmgm::addCssFile($shBasicConfig['baseUrl'] . $shBasicConfig['styles'] . 'shCore . css', 'tx_cpsdevlib_debug_shcorecss'); // Add SyntaxHighlighter theme tx_cpsdevlib_extmgm::addCssFile($shBasicConfig['baseUrl'] . $shBasicConfig['styles'] . 'shTheme' . $shBasicConfig['theme'] . '.css', 'tx_cpsdevlib_debug_shtheme' . $shBasicConfig['theme'] . 'css'); // Add SyntaxHighlighter core javascript tx_cpsdevlib_extmgm::addJavascriptFile($shBasicConfig['baseUrl'] . $shBasicConfig['scripts'] . 'shCore.js', 'tx_cpsdevlib_debug_shcorejs'); // Add brushes foreach ($shBasicConfig['brushes'] as $brush) { tx_cpsdevlib_extmgm::addJavascriptFile($shBasicConfig['baseUrl'] . $shBasicConfig['scripts'] . 'shBrush' . $brush . '.js', 'tx_cpsdevlib_debug_shbrush' . strtolower($brush) . 'js'); } // Run SyntaxHighlighter tx_cpsdevlib_extmgm::addJavascriptInline('SyntaxHighlighter.all();', 'tx_cpsdevlib_debug_shrun'); $result = LF . '<pre class="brush: ' . htmlspecialchars($codeClass) . '"' . ($blockTitle ? ' title="' . htmlspecialchars($blockTitle) . '"' : '') . '>' . LF . htmlspecialchars($result) . LF . '</pre>'; } else { // Alternative wrapping method without SyntaxHighlighter if ($additionalWrap) { $result = str_replace('|', LF . $result . LF, $additionalWrap); } } } } return $result; }