phpmon/laravel-valet
1
0
Fork 0
mirror of https://github.com/laravel/valet.git synced 2026-02-06 00:40:06 +01:00
Code Activity

refactored and fixed login page on '/typo3'

Browse Source
This commit is contained in:
F. Schwaiger
2016-09-22 15:06:51 -04:00
committed by GitHub
parent 711938db93
commit a18c9f9720
1 changed files with 75 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

149
cli/drivers/Typo3ValetDriver.php
View File

@@ -24,15 +24,17 @@ class Typo3ValetDriver extends ValetDriver
| Forbidden URI Patterns | Forbidden URI Patterns
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| All of these patterns won't be publicly available from your web server. | All of these patterns won't be accessible from your web server. Instead,
| Instead, the server will throw a 403 forbidden response, if you try | the server will throw a 403 forbidden response, if you try to access
| to access these files via the HTTP layer. Use regex syntax here. | these files via the HTTP layer. Use regex syntax here and escape @.
| |
*/ */
protected $forbiddenUriPatterns = [ protected $forbiddenUriPatterns = [
'_(recycler|temp)_/', '_(recycler|temp)_/',
'^/(typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(Resources/Private|Tests)/', '^/(typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(Resources/Private|Tests)/',
'\.(htaccess|gitkeep|gitignore)', '^/typo3/.+\.map$',
'^/typo3temp/var/',
'\.(htaccess|gitkeep|gitignore)$',
]; ];
/** /**
@@ -62,18 +64,44 @@ public function serves($sitePath, $siteName, $uri)
*/ */
public function isStaticFile($sitePath, $siteName, $uri) public function isStaticFile($sitePath, $siteName, $uri)
{ {
$uri = $this->isVersionNumberInFilename($sitePath . $this->documentRoot . $uri, $uri); // May the file contains a cache busting version string like filename.12345678.css
// If that is the case, the file cannot be found on disk, so remove the version
if (file_exists($filePath = $sitePath . $this->documentRoot . $uri) // identifier before retrying below.
&& ! is_dir($filePath) if (!$this->isActualFile($filePath = $sitePath . $this->documentRoot . $uri))
&& pathinfo($filePath)['extension'] !== 'php')
{ {
$this->authorizeAccess($uri); $uri = preg_replace("@^(.+)\.(\d+)\.(js|css|png|jpg|gif|gzip)$@", "$1.$3", $uri);
return $filePath;
} }
// Now that any possible version string is cleared from the filename, the resulting
// URI should be a valid file on disc. So assemble the absolut file name with the
// same schema as above and if it exists, authorize access and return its path.
if ($this->isActualFile($filePath = $sitePath . $this->documentRoot . $uri))
{
return $this->isAccessAuthorized($uri) ? $filePath : false;
}
// This file cannot be found in the current project and thus cannot be served.
return false; return false;
} }
/**
* Determines if the given URI is blacklisted so that access is prevented.
*
* @param string $uri
* @return boolean
*/
private function isAccessAuthorized($uri)
{
foreach ($this->forbiddenUriPatterns as $forbiddenUriPattern)
{
if (preg_match("@$forbiddenUriPattern@", $uri))
{
return false;
}
}
return true;
}
/** /**
* Get the fully resolved path to the application's front controller. * Get the fully resolved path to the application's front controller.
* This can be the currently requested PHP script, a folder that * This can be the currently requested PHP script, a folder that
@@ -86,12 +114,14 @@ public function isStaticFile($sitePath, $siteName, $uri)
*/ */
public function frontControllerPath($sitePath, $siteName, $uri) public function frontControllerPath($sitePath, $siteName, $uri)
{ {
$this->directLoginToInstallTool($uri); // without modifying the URI, redirect if necessary
$this->authorizeAccess($uri); $this->handleRedirectBackendShorthandUris($uri);
$uri = rtrim($uri, '/');
$absoluteFilePath = $sitePath . $this->documentRoot . $uri;
if (file_exists($absoluteFilePath)) // from now on, remove trailing / for convenience for all the following join operations
$uri = rtrim($uri, '/');
// try to find the responsible script file for the requested folder / script URI
if (file_exists($absoluteFilePath = $sitePath . $this->documentRoot . $uri))
{ {
if (is_dir($absoluteFilePath)) if (is_dir($absoluteFilePath))
{ {
@@ -107,7 +137,7 @@ public function frontControllerPath($sitePath, $siteName, $uri)
return $absoluteFilePath . '/index.html'; return $absoluteFilePath . '/index.html';
} }
} }
else if (pathinfo($absoluteFilePath)['extension'] === 'php') else if (pathinfo($absoluteFilePath, PATHINFO_EXTENSION) === 'php')
{ {
// this file can be served directly // this file can be served directly
return $this->serveScript($sitePath, $siteName, $uri); return $this->serveScript($sitePath, $siteName, $uri);
@@ -118,6 +148,28 @@ public function frontControllerPath($sitePath, $siteName, $uri)
return $this->serveScript($sitePath, $siteName, '/index.php'); return $this->serveScript($sitePath, $siteName, '/index.php');
} }
/**
* Direct access to installtool via domain.dev/typo3/install/ will be redirected to
* sysext install script. domain.dev/typo3 will be redirected to /typo3/, because
* the generated JavaScript URIs on the login screen would be broken on /typo3.
*
* @param string $uri
*/
private function handleRedirectBackendShorthandUris($uri)
{
if (rtrim($uri, '/') === '/typo3/install')
{
header('Location: /typo3/sysext/install/Start/Install.php');
die();
}
if ($uri === '/typo3')
{
header('Location: /typo3/');
die();
}
}
/** /**
* Configures the $_SERVER globals for serving the script at * Configures the $_SERVER globals for serving the script at
* the specified URI and returns it absolute file path. * the specified URI and returns it absolute file path.
@@ -125,72 +177,21 @@ public function frontControllerPath($sitePath, $siteName, $uri)
* @param string $sitePath * @param string $sitePath
* @param string $siteName * @param string $siteName
* @param string $uri * @param string $uri
* @param string $script
* @return string * @return string
*/ */
private function serveScript($sitePath, $siteName, $uri) private function serveScript($sitePath, $siteName, $uri)
{ {
$absoluteDocumentRoot = $sitePath . $this->documentRoot; $docroot = $sitePath . $this->documentRoot;
$absoluteFilePath = $absoluteDocumentRoot . $uri; $abspath = $docroot . $uri;
$_SERVER['SERVER_NAME'] = $siteName . '.dev'; $_SERVER['SERVER_NAME'] = $siteName . '.dev';
$_SERVER['DOCUMENT_ROOT'] = $absoluteDocumentRoot; $_SERVER['DOCUMENT_ROOT'] = $docroot;
$_SERVER['DOCUMENT_URI'] = $uri; $_SERVER['DOCUMENT_URI'] = $uri;
$_SERVER['SCRIPT_FILENAME'] = $absoluteFilePath; $_SERVER['SCRIPT_FILENAME'] = $abspath;
$_SERVER['SCRIPT_NAME'] = $uri; $_SERVER['SCRIPT_NAME'] = $uri;
$_SERVER['PHP_SELF'] = $uri; $_SERVER['PHP_SELF'] = $uri;
return $absoluteFilePath; return $abspath;
}
/**
* Interrupts execution with a 403 FORBIDDEN if the requested URI is on
* the global blacklist of system files that should not be served.
*
* @param string $uri
*/
private function authorizeAccess($uri)
{
foreach ($this->forbiddenUriPatterns as $forbiddenUri)
{
if (preg_match("@$forbiddenUri@", $uri))
{
header('HTTP/1.0 403 Forbidden');
die("You are forbidden to see $uri!");
}
}
}
/**
* Rule for versioned static files, configured through:
* - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
* - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
*
* @param string $filePath
* @param string $uri
* @return string $uri
*/
private function isVersionNumberInFilename($filePath, $uri) {
if ( ! file_exists($filePath) &&
preg_match("/^(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$/", $uri)
) {
return preg_replace("/^(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$/", "$1.$3", $uri);
}
return $uri;
}
/**
* Direct access to installtool via domain.dev/typo3/install/
* Will be redirected to the sysext install script
*
* @param string $uri
*/
private function directLoginToInstallTool($uri) {
if (preg_match("/^\/typo3\/install$/", rtrim($uri)))
{
header('Location: /typo3/sysext/install/Start/Install.php');
die();
}
} }
} }