2013-07-22 03:52:00 +02:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* This file is the Framework constants bootstrap. It will prepare some basic common constants.
|
|
|
|
*
|
|
|
|
* It takes care of:
|
|
|
|
* - Including _ss_environment.php
|
|
|
|
* - Normalisation of $_SERVER values
|
|
|
|
* - Initialisation of necessary constants (mostly paths)
|
|
|
|
*
|
|
|
|
* Initialized constants:
|
|
|
|
* - BASE_URL: Full URL to the webroot, e.g. "http://my-host.com/my-webroot" (no trailing slash).
|
|
|
|
* - BASE_PATH: Absolute path to the webroot, e.g. "/var/www/my-webroot" (no trailing slash).
|
2013-07-24 02:09:44 +02:00
|
|
|
* See Director::baseFolder(). Can be overwritten by Config::inst()->update('Director', 'alternate_base_folder', ).
|
2013-07-22 03:52:00 +02:00
|
|
|
* - TEMP_FOLDER: Absolute path to temporary folder, used for manifest and template caches. Example: "/var/tmp"
|
|
|
|
* See getTempFolder(). No trailing slash.
|
|
|
|
* - MODULES_DIR: Not used at the moment
|
|
|
|
* - MODULES_PATH: Not used at the moment
|
|
|
|
* - THEMES_DIR: Path relative to webroot, e.g. "themes"
|
|
|
|
* - THEMES_PATH: Absolute filepath, e.g. "/var/www/my-webroot/themes"
|
|
|
|
* - FRAMEWORK_DIR: Path relative to webroot, e.g. "framework"
|
|
|
|
* - FRAMEWORK_PATH:Absolute filepath, e.g. "/var/www/my-webroot/framework"
|
|
|
|
* - FRAMEWORK_ADMIN_DIR: Path relative to webroot, e.g. "framework/admin"
|
|
|
|
* - FRAMEWORK_ADMIN_PATH: Absolute filepath, e.g. "/var/www/my-webroot/framework/admin"
|
|
|
|
* - THIRDPARTY_DIR: Path relative to webroot, e.g. "framework/thirdparty"
|
|
|
|
* - THIRDPARTY_PATH: Absolute filepath, e.g. "/var/www/my-webroot/framework/thirdparty"
|
2015-05-25 04:31:20 +02:00
|
|
|
* - TRUSTED_PROXY: true or false, depending on whether the X-Forwarded-* HTTP
|
|
|
|
* headers from the given client are trustworthy (e.g. from a reverse proxy).
|
2013-07-22 03:52:00 +02:00
|
|
|
*
|
|
|
|
* @package framework
|
|
|
|
* @subpackage core
|
|
|
|
*/
|
|
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
// ENVIRONMENT CONFIG
|
|
|
|
|
|
|
|
/**
|
2013-07-24 02:09:44 +02:00
|
|
|
* Include _ss_environment.php file
|
2013-07-22 03:52:00 +02:00
|
|
|
*/
|
|
|
|
//define the name of the environment file
|
|
|
|
$envFile = '_ss_environment.php';
|
2013-07-24 02:09:44 +02:00
|
|
|
//define the dirs to start scanning from (have to add the trailing slash)
|
|
|
|
// we're going to check the realpath AND the path as the script sees it
|
|
|
|
$dirsToCheck = array(
|
|
|
|
realpath('.'),
|
|
|
|
dirname($_SERVER['SCRIPT_FILENAME'])
|
|
|
|
);
|
|
|
|
//if they are the same, remove one of them
|
|
|
|
if ($dirsToCheck[0] == $dirsToCheck[1]) {
|
|
|
|
unset($dirsToCheck[1]);
|
|
|
|
}
|
|
|
|
foreach ($dirsToCheck as $dir) {
|
|
|
|
//check this dir and every parent dir (until we hit the base of the drive)
|
|
|
|
// or until we hit a dir we can't read
|
2015-02-14 00:30:29 +01:00
|
|
|
while(true) {
|
2013-07-24 02:09:44 +02:00
|
|
|
//if it's readable, go ahead
|
|
|
|
if (@is_readable($dir)) {
|
|
|
|
//if the file exists, then we include it, set relevant vars and break out
|
2015-02-17 05:33:40 +01:00
|
|
|
if (file_exists($dir . DIRECTORY_SEPARATOR . $envFile)) {
|
|
|
|
define('SS_ENVIRONMENT_FILE', $dir . DIRECTORY_SEPARATOR . $envFile);
|
2013-07-24 02:09:44 +02:00
|
|
|
include_once(SS_ENVIRONMENT_FILE);
|
|
|
|
//break out of BOTH loops because we found the $envFile
|
|
|
|
break(2);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
//break out of the while loop, we can't read the dir
|
|
|
|
break;
|
|
|
|
}
|
2015-02-14 00:30:29 +01:00
|
|
|
if (dirname($dir) == $dir) {
|
|
|
|
// here we need to check that the path of the last dir and the next one are
|
|
|
|
// not the same, if they are, we have hit the root of the drive
|
|
|
|
break;
|
|
|
|
}
|
2013-07-24 02:09:44 +02:00
|
|
|
//go up a directory
|
|
|
|
$dir = dirname($dir);
|
2015-02-14 00:30:29 +01:00
|
|
|
}
|
2013-07-24 02:09:44 +02:00
|
|
|
}
|
2013-07-22 03:52:00 +02:00
|
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
// GLOBALS AND DEFINE SETTING
|
|
|
|
|
2013-08-05 04:58:44 +02:00
|
|
|
function stripslashes_recursively(&$array) {
|
2015-03-14 09:24:11 +01:00
|
|
|
trigger_error('stripslashes_recursively is deprecated in 3.2', E_USER_DEPRECATED);
|
2013-08-05 04:58:44 +02:00
|
|
|
foreach($array as $k => $v) {
|
|
|
|
if(is_array($v)) stripslashes_recursively($array[$k]);
|
|
|
|
else $array[$k] = stripslashes($v);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-05-25 04:31:20 +02:00
|
|
|
/**
|
|
|
|
* Validate whether the request comes directly from a trusted server or not
|
|
|
|
* This is necessary to validate whether or not the values of X-Forwarded-
|
|
|
|
* or Client-IP HTTP headers can be trusted
|
|
|
|
*/
|
|
|
|
if(!defined('TRUSTED_PROXY')) {
|
|
|
|
$trusted = true; // will be false by default in a future release
|
|
|
|
|
2015-05-29 01:49:22 +02:00
|
|
|
if(getenv('BlockUntrustedProxyHeaders') // Legacy setting (reverted from documentation)
|
|
|
|
|| getenv('BlockUntrustedIPs') // Documented setting
|
|
|
|
|| defined('SS_TRUSTED_PROXY_IPS')
|
|
|
|
) {
|
2015-05-25 04:31:20 +02:00
|
|
|
$trusted = false;
|
|
|
|
|
|
|
|
if(defined('SS_TRUSTED_PROXY_IPS') && SS_TRUSTED_PROXY_IPS !== 'none') {
|
|
|
|
if(SS_TRUSTED_PROXY_IPS === '*') {
|
|
|
|
$trusted = true;
|
|
|
|
} elseif(isset($_SERVER['REMOTE_ADDR'])) {
|
2016-09-26 01:44:55 +02:00
|
|
|
if(!class_exists('SilverStripe\\Control\\Util\\IPUtils')) {
|
2016-12-15 12:10:47 +01:00
|
|
|
require_once 'control/IPUtils.php';
|
2016-09-26 01:44:55 +02:00
|
|
|
};
|
2016-12-15 12:10:47 +01:00
|
|
|
$trusted = SilverStripe\Control\Util\IPUtils::checkIP($_SERVER['REMOTE_ADDR'], explode(',', SS_TRUSTED_PROXY_IPS));
|
2015-05-25 04:31:20 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Declare whether or not the connecting server is a trusted proxy
|
|
|
|
*/
|
|
|
|
define('TRUSTED_PROXY', $trusted);
|
|
|
|
}
|
|
|
|
|
2013-07-22 03:52:00 +02:00
|
|
|
/**
|
|
|
|
* A blank HTTP_HOST value is used to detect command-line execution.
|
|
|
|
* We update the $_SERVER variable to contain data consistent with the rest of the application.
|
|
|
|
*/
|
|
|
|
if(!isset($_SERVER['HTTP_HOST'])) {
|
|
|
|
// HTTP_HOST, REQUEST_PORT, SCRIPT_NAME, and PHP_SELF
|
2016-09-26 01:44:55 +02:00
|
|
|
global $_FILE_TO_URL_MAPPING;
|
2013-07-22 03:52:00 +02:00
|
|
|
if(isset($_FILE_TO_URL_MAPPING)) {
|
|
|
|
$fullPath = $testPath = realpath($_SERVER['SCRIPT_FILENAME']);
|
|
|
|
while($testPath && $testPath != '/' && !preg_match('/^[A-Z]:\\\\$/', $testPath)) {
|
|
|
|
if(isset($_FILE_TO_URL_MAPPING[$testPath])) {
|
|
|
|
$url = $_FILE_TO_URL_MAPPING[$testPath]
|
|
|
|
. str_replace(DIRECTORY_SEPARATOR, '/', substr($fullPath,strlen($testPath)));
|
|
|
|
|
|
|
|
$components = parse_url($url);
|
|
|
|
$_SERVER['HTTP_HOST'] = $components['host'];
|
|
|
|
if(!empty($components['port'])) $_SERVER['HTTP_HOST'] .= ':' . $components['port'];
|
|
|
|
$_SERVER['SCRIPT_NAME'] = $_SERVER['PHP_SELF'] = $components['path'];
|
|
|
|
if(!empty($components['port'])) $_SERVER['REQUEST_PORT'] = $components['port'];
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
$testPath = dirname($testPath);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Everything else
|
|
|
|
$serverDefaults = array(
|
|
|
|
'SERVER_PROTOCOL' => 'HTTP/1.1',
|
|
|
|
'HTTP_ACCEPT' => 'text/plain;q=0.5',
|
|
|
|
'HTTP_ACCEPT_LANGUAGE' => '*;q=0.5',
|
|
|
|
'HTTP_ACCEPT_ENCODING' => '',
|
|
|
|
'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1;q=0.5',
|
|
|
|
'SERVER_SIGNATURE' => 'Command-line PHP/' . phpversion(),
|
|
|
|
'SERVER_SOFTWARE' => 'PHP/' . phpversion(),
|
|
|
|
'SERVER_ADDR' => '127.0.0.1',
|
|
|
|
'REMOTE_ADDR' => '127.0.0.1',
|
|
|
|
'REQUEST_METHOD' => 'GET',
|
|
|
|
'HTTP_USER_AGENT' => 'CLI',
|
|
|
|
);
|
|
|
|
|
|
|
|
$_SERVER = array_merge($serverDefaults, $_SERVER);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* If we have an HTTP_HOST value, then we're being called from the webserver and there are some things that
|
|
|
|
* need checking
|
|
|
|
*/
|
|
|
|
} else {
|
|
|
|
/**
|
2020-07-16 13:51:24 +02:00
|
|
|
* Check if magic quotes are enabled (only relevant for php 5.3)
|
|
|
|
* get_magic_quotes_gpc() call is suppressed to avoid php7.4 deprecation notice
|
2013-07-22 03:52:00 +02:00
|
|
|
*/
|
2020-07-16 13:51:24 +02:00
|
|
|
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
|
2013-07-22 03:52:00 +02:00
|
|
|
if($_REQUEST) stripslashes_recursively($_REQUEST);
|
|
|
|
if($_GET) stripslashes_recursively($_GET);
|
|
|
|
if($_POST) stripslashes_recursively($_POST);
|
|
|
|
if($_COOKIE) stripslashes_recursively($_COOKIE);
|
2013-07-24 02:09:44 +02:00
|
|
|
// No more magic_quotes!
|
|
|
|
trigger_error('get_magic_quotes_gpc support is being removed from Silverstripe. Please set this to off in ' .
|
2015-03-14 09:24:11 +01:00
|
|
|
' your php.ini and see http://php.net/manual/en/security.magicquotes.php', E_USER_DEPRECATED);
|
2013-07-22 03:52:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Fix HTTP_HOST from reverse proxies
|
|
|
|
*/
|
2016-02-17 11:19:19 +01:00
|
|
|
$trustedProxyHeader = (defined('SS_TRUSTED_PROXY_HOST_HEADER'))
|
|
|
|
? SS_TRUSTED_PROXY_HOST_HEADER
|
|
|
|
: 'HTTP_X_FORWARDED_HOST';
|
2016-09-26 01:44:55 +02:00
|
|
|
|
2016-02-17 11:19:19 +01:00
|
|
|
if (TRUSTED_PROXY && !empty($_SERVER[$trustedProxyHeader])) {
|
2013-07-22 03:52:00 +02:00
|
|
|
// Get the first host, in case there's multiple separated through commas
|
2016-02-26 15:45:07 +01:00
|
|
|
$_SERVER['HTTP_HOST'] = strtok($_SERVER[$trustedProxyHeader], ',');
|
2013-07-22 03:52:00 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-07-08 01:01:06 +02:00
|
|
|
// Filter by configured allowed hosts
|
|
|
|
if (defined('SS_ALLOWED_HOSTS') && php_sapi_name() !== "cli") {
|
2015-05-28 07:58:39 +02:00
|
|
|
$all_allowed_hosts = explode(',', SS_ALLOWED_HOSTS);
|
2015-07-08 01:01:06 +02:00
|
|
|
if (!isset($_SERVER['HTTP_HOST']) || !in_array($_SERVER['HTTP_HOST'], $all_allowed_hosts)) {
|
2015-05-28 07:58:39 +02:00
|
|
|
header('HTTP/1.1 400 Invalid Host', true, 400);
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-07-22 03:52:00 +02:00
|
|
|
/**
|
|
|
|
* Define system paths
|
|
|
|
*/
|
|
|
|
if(!defined('BASE_PATH')) {
|
|
|
|
// Assuming that this file is framework/core/Core.php we can then determine the base path
|
|
|
|
$candidateBasePath = rtrim(dirname(dirname(dirname(__FILE__))), DIRECTORY_SEPARATOR);
|
|
|
|
// We can't have an empty BASE_PATH. Making it / means that double-slashes occur in places but that's benign.
|
|
|
|
// This likely only happens on chrooted environemnts
|
|
|
|
if($candidateBasePath == '') $candidateBasePath = DIRECTORY_SEPARATOR;
|
|
|
|
define('BASE_PATH', $candidateBasePath);
|
|
|
|
}
|
|
|
|
if(!defined('BASE_URL')) {
|
|
|
|
// Determine the base URL by comparing SCRIPT_NAME to SCRIPT_FILENAME and getting common elements
|
|
|
|
$path = realpath($_SERVER['SCRIPT_FILENAME']);
|
|
|
|
if(substr($path, 0, strlen(BASE_PATH)) == BASE_PATH) {
|
|
|
|
$urlSegmentToRemove = substr($path, strlen(BASE_PATH));
|
|
|
|
if(substr($_SERVER['SCRIPT_NAME'], -strlen($urlSegmentToRemove)) == $urlSegmentToRemove) {
|
|
|
|
$baseURL = substr($_SERVER['SCRIPT_NAME'], 0, -strlen($urlSegmentToRemove));
|
|
|
|
define('BASE_URL', rtrim($baseURL, DIRECTORY_SEPARATOR));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// If that didn't work, failover to the old syntax. Hopefully this isn't necessary, and maybe
|
|
|
|
// if can be phased out?
|
|
|
|
if(!defined('BASE_URL')) {
|
|
|
|
$dir = (strpos($_SERVER['SCRIPT_NAME'], 'index.php') !== false)
|
|
|
|
? dirname($_SERVER['SCRIPT_NAME'])
|
|
|
|
: dirname(dirname($_SERVER['SCRIPT_NAME']));
|
|
|
|
define('BASE_URL', rtrim($dir, DIRECTORY_SEPARATOR));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
define('MODULES_DIR', 'modules');
|
|
|
|
define('MODULES_PATH', BASE_PATH . '/' . MODULES_DIR);
|
|
|
|
define('THEMES_DIR', 'themes');
|
|
|
|
define('THEMES_PATH', BASE_PATH . '/' . THEMES_DIR);
|
|
|
|
// Relies on this being in a subdir of the framework.
|
|
|
|
// If it isn't, or is symlinked to a folder with a different name, you must define FRAMEWORK_DIR
|
|
|
|
if(!defined('FRAMEWORK_DIR')) {
|
|
|
|
define('FRAMEWORK_DIR', basename(dirname(dirname(__FILE__))));
|
|
|
|
}
|
|
|
|
define('FRAMEWORK_PATH', BASE_PATH . '/' . FRAMEWORK_DIR);
|
|
|
|
define('FRAMEWORK_ADMIN_DIR', FRAMEWORK_DIR . '/admin');
|
|
|
|
define('FRAMEWORK_ADMIN_PATH', BASE_PATH . '/' . FRAMEWORK_ADMIN_DIR);
|
|
|
|
|
|
|
|
// These are all deprecated. Use the FRAMEWORK_ versions instead.
|
|
|
|
define('SAPPHIRE_DIR', FRAMEWORK_DIR);
|
|
|
|
define('SAPPHIRE_PATH', FRAMEWORK_PATH);
|
|
|
|
define('SAPPHIRE_ADMIN_DIR', FRAMEWORK_ADMIN_DIR);
|
|
|
|
define('SAPPHIRE_ADMIN_PATH', FRAMEWORK_ADMIN_PATH);
|
|
|
|
|
|
|
|
define('THIRDPARTY_DIR', FRAMEWORK_DIR . '/thirdparty');
|
|
|
|
define('THIRDPARTY_PATH', BASE_PATH . '/' . THIRDPARTY_DIR);
|
2013-07-24 02:09:44 +02:00
|
|
|
|
|
|
|
if(!defined('ASSETS_DIR')) {
|
|
|
|
define('ASSETS_DIR', 'assets');
|
|
|
|
}
|
2013-10-31 23:25:19 +01:00
|
|
|
if(!defined('ASSETS_PATH')) {
|
|
|
|
define('ASSETS_PATH', BASE_PATH . '/' . ASSETS_DIR);
|
|
|
|
}
|
2013-07-22 03:52:00 +02:00
|
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
// INCLUDES
|
|
|
|
|
|
|
|
if(defined('CUSTOM_INCLUDE_PATH')) {
|
|
|
|
$includePath = '.' . PATH_SEPARATOR . CUSTOM_INCLUDE_PATH . PATH_SEPARATOR
|
|
|
|
. FRAMEWORK_PATH . PATH_SEPARATOR
|
|
|
|
. FRAMEWORK_PATH . '/parsers' . PATH_SEPARATOR
|
|
|
|
. THIRDPARTY_PATH . PATH_SEPARATOR
|
|
|
|
. get_include_path();
|
|
|
|
} else {
|
|
|
|
$includePath = '.' . PATH_SEPARATOR . FRAMEWORK_PATH . PATH_SEPARATOR
|
|
|
|
. FRAMEWORK_PATH . '/parsers' . PATH_SEPARATOR
|
|
|
|
. THIRDPARTY_PATH . PATH_SEPARATOR
|
|
|
|
. get_include_path();
|
|
|
|
}
|
|
|
|
|
|
|
|
set_include_path($includePath);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Define the temporary folder if it wasn't defined yet
|
|
|
|
*/
|
|
|
|
require_once 'core/TempPath.php';
|
|
|
|
|
|
|
|
if(!defined('TEMP_FOLDER')) {
|
|
|
|
define('TEMP_FOLDER', getTempFolder(BASE_PATH));
|
|
|
|
}
|