mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #7432 from open-sausages/pulls/4/request-uri
Use index.php for serving content
This commit is contained in:
commit
31c43c8c33
@ -62,7 +62,9 @@ control.
|
|||||||
|
|
||||||
3. Apache rewrite (mod_rewrite) isn't working and it's installed (prior to SilverStripe 3.1.11)
|
3. Apache rewrite (mod_rewrite) isn't working and it's installed (prior to SilverStripe 3.1.11)
|
||||||
|
|
||||||
Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler) (precedence of handlers), index.php gets added to the URLs as soon as you navigate to the homepage of your site. Further requests are then handled by index.php rather than `mod_rewrite` (`main.php`). To fix this place the following within the `mod_rewrite` section of your .htaccess file:
|
Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler) (precedence of handlers),
|
||||||
|
index.php gets added to the URLs as soon as you navigate to the homepage of your site.
|
||||||
|
To fix this place the following within the `mod_rewrite` section of your .htaccess file:
|
||||||
|
|
||||||
```
|
```
|
||||||
<IfModule mod_rewrite.c>
|
<IfModule mod_rewrite.c>
|
||||||
|
@ -24,7 +24,6 @@ On "live" environments, the `?isDev=1` solution is preferred, as it means that y
|
|||||||
|
|
||||||
Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler)
|
Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler)
|
||||||
(precedence of handlers), index.php gets added to the URLs as soon as you navigate to the homepage of your site.
|
(precedence of handlers), index.php gets added to the URLs as soon as you navigate to the homepage of your site.
|
||||||
Further requests are then handled by index.php rather than `mod_rewrite` (`main.php`).
|
|
||||||
To fix this place the following within the `mod_rewrite` section of your .htaccess file:
|
To fix this place the following within the `mod_rewrite` section of your .htaccess file:
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -27,11 +27,11 @@ Silverstripe. Replace "yoursite.com" and "/home/yoursite/public_html/" below.
|
|||||||
# Rewrite URLs so they are nicer
|
# Rewrite URLs so they are nicer
|
||||||
url.rewrite-once = (
|
url.rewrite-once = (
|
||||||
"^/.*\.[A-Za-z0-9]+.*?$" => "$0",
|
"^/.*\.[A-Za-z0-9]+.*?$" => "$0",
|
||||||
"^/(.*?)(\?|$)(.*)" => "/vendor/silverstripe/framework/main.php?url=$1&$3"
|
"^/(.*?)(\?|$)(.*)" => "/index.php?$3"
|
||||||
)
|
)
|
||||||
|
|
||||||
# Show SilverStripe error page
|
# Show SilverStripe error page
|
||||||
server.error-handler-404 = "/vendor/silverstripe/framework/main.php"
|
server.error-handler-404 = "/index.php"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -53,14 +53,14 @@ of Silverstripe on the same host, you can use something like this (be warned, it
|
|||||||
url.rewrite-once = (
|
url.rewrite-once = (
|
||||||
"(?i)(/copy1/.*\.([A-Za-z0-9]+))(.*?)$" => "$0",
|
"(?i)(/copy1/.*\.([A-Za-z0-9]+))(.*?)$" => "$0",
|
||||||
"(?i)(/copy2/.*\.([A-Za-z0-9]+))(.*?)$" => "$0",
|
"(?i)(/copy2/.*\.([A-Za-z0-9]+))(.*?)$" => "$0",
|
||||||
"^/copy1/(.*?)(\?|$)(.*)" => "/copy1/vendor/silverstripe/framework/main.php?url=$1&$3",
|
"^/copy1/(.*?)(\?|$)(.*)" => "/copy1/index.php?$3",
|
||||||
"^/copy2/(.*?)(\?|$)(.*)" => "/copy2/vendor/silverstripe/framework/main.php?url=$1&$3"
|
"^/copy2/(.*?)(\?|$)(.*)" => "/copy2/index.php?$3"
|
||||||
)
|
)
|
||||||
$HTTP["url"] =~ "^/copy1/" {
|
$HTTP["url"] =~ "^/copy1/" {
|
||||||
server.error-handler-404 = "/copy1/vendor/silverstripe/framework/main.php"
|
server.error-handler-404 = "/copy1/index.php"
|
||||||
}
|
}
|
||||||
$HTTP["url"] =~ "^/copy2/" {
|
$HTTP["url"] =~ "^/copy2/" {
|
||||||
server.error-handler-404 = "/copy2/vendor/silverstripe/framework/main.php"
|
server.error-handler-404 = "/copy2/index.php"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ But enough of the disclaimer, on to the actual configuration — typically in `n
|
|||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
try_files $uri vendor/silverstripe/framework/main.php?url=$uri&$query_string;
|
try_files $uri index.php?$query_string;
|
||||||
}
|
}
|
||||||
|
|
||||||
error_page 404 /assets/error-404.html;
|
error_page 404 /assets/error-404.html;
|
||||||
@ -41,7 +41,7 @@ But enough of the disclaimer, on to the actual configuration — typically in `n
|
|||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
sendfile on;
|
sendfile on;
|
||||||
try_files $uri vendor/silverstripe/framework/main.php?url=$uri&$query_string;
|
try_files $uri index.php?$query_string;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
|
location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
|
||||||
|
@ -48,7 +48,7 @@ Create `/etc/nginx/silverstripe.conf` and add this configuration:
|
|||||||
fastcgi_buffers 4 32k;
|
fastcgi_buffers 4 32k;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
try_files $uri /vendor/silverstripe/framework/main.php?url=$uri&$query_string;
|
try_files $uri /index.php?$query_string;
|
||||||
}
|
}
|
||||||
|
|
||||||
error_page 404 /assets/error-404.html;
|
error_page 404 /assets/error-404.html;
|
||||||
@ -87,7 +87,7 @@ Create `/etc/nginx/silverstripe.conf` and add this configuration:
|
|||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
The above script passes all non-static file requests to `/framework/main.php` in the webroot which relies on
|
The above script passes all non-static file requests to `/index.php` in the webroot which relies on
|
||||||
`hhvm.conf` being included prior so that php requests are handled.
|
`hhvm.conf` being included prior so that php requests are handled.
|
||||||
|
|
||||||
Now in your nginx `server` configuration you can then include the `hhvm.conf` and `silverstripe.conf` files
|
Now in your nginx `server` configuration you can then include the `hhvm.conf` and `silverstripe.conf` files
|
||||||
|
@ -362,7 +362,7 @@ bypasses PHP requests for files that do exist. The default template
|
|||||||
# Non existant files passed to requesthandler
|
# Non existant files passed to requesthandler
|
||||||
RewriteCond %{REQUEST_URI} ^(.*)$
|
RewriteCond %{REQUEST_URI} ^(.*)$
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
RewriteCond %{REQUEST_FILENAME} !-f
|
||||||
RewriteRule .* ../vendor/silverstripe/framework/main.php?url=%1 [QSA]
|
RewriteRule .* ../index.php [QSA]
|
||||||
```
|
```
|
||||||
|
|
||||||
You will need to ensure that your core apache configuration has the necessary `AllowOverride`
|
You will need to ensure that your core apache configuration has the necessary `AllowOverride`
|
||||||
@ -381,9 +381,9 @@ The default rule for IIS is as below (only partial configuration displayed):
|
|||||||
<match url="^(.*)$" />
|
<match url="^(.*)$" />
|
||||||
<conditions>
|
<conditions>
|
||||||
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
||||||
<add input="../vendor/silverstripe/framework/main.php" matchType="IsFile" />
|
<add input="../index.php" matchType="IsFile" />
|
||||||
</conditions>
|
</conditions>
|
||||||
<action type="Rewrite" url="../vendor/silverstripe/framework/main.php?url={R:1}" appendQueryString="true" />
|
<action type="Rewrite" url="../index.php" appendQueryString="true" />
|
||||||
</rule>
|
</rule>
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -402,6 +402,6 @@ dynamic requests are processed via the Framework:
|
|||||||
```
|
```
|
||||||
location ^~ /assets/ {
|
location ^~ /assets/ {
|
||||||
sendfile on;
|
sendfile on;
|
||||||
try_files $uri vendor/silverstripe/framework/main.php?url=$uri&$query_string;
|
try_files $uri index.php?$query_string;
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
@ -65,56 +65,29 @@ The role of the application is to:
|
|||||||
The HTTPApplication provides a specialised application implementation for handling HTTP Requests.
|
The HTTPApplication provides a specialised application implementation for handling HTTP Requests.
|
||||||
This class provides basic support for HTTP Middleware, such as [ErrorControlChainMiddleware](api:SilverStripe\Core\Startup\ErrorControlChainMiddleware).
|
This class provides basic support for HTTP Middleware, such as [ErrorControlChainMiddleware](api:SilverStripe\Core\Startup\ErrorControlChainMiddleware).
|
||||||
|
|
||||||
`main.php` contains the default application implementation.
|
The `index.php` file in your project root contains the default application implementation.
|
||||||
|
You can customise it as required.
|
||||||
|
|
||||||
|
|
||||||
```php
|
```php
|
||||||
|
<?php
|
||||||
use SilverStripe\Control\HTTPApplication;
|
|
||||||
use SilverStripe\Control\HTTPRequestBuilder;
|
|
||||||
use SilverStripe\Core\CoreKernel;
|
|
||||||
use SilverStripe\Core\Startup\ErrorControlChainMiddleware;
|
|
||||||
|
|
||||||
require __DIR__ . '/src/includes/autoload.php';
|
|
||||||
|
|
||||||
// Build request and detect flush
|
|
||||||
$request = HTTPRequestBuilder::createFromEnvironment();
|
|
||||||
|
|
||||||
// Default application
|
|
||||||
$kernel = new CoreKernel(BASE_PATH);
|
|
||||||
$app = new HTTPApplication($kernel);
|
|
||||||
$app->addMiddleware(new ErrorControlChainMiddleware($app));
|
|
||||||
$response = $app->handle($request);
|
|
||||||
$response->output();
|
|
||||||
```
|
|
||||||
|
|
||||||
Users can customise their own application by coping the above to a file in `mysite/main.php`, and
|
use SilverStripe\Control\HTTPApplication;
|
||||||
updating their `.htaccess` to point to the new file.
|
use SilverStripe\Control\HTTPRequestBuilder;
|
||||||
|
use SilverStripe\Core\CoreKernel;
|
||||||
|
use SilverStripe\Core\Startup\ErrorControlChainMiddleware;
|
||||||
|
|
||||||
:::
|
require __DIR__ . '/vendor/autoload.php';
|
||||||
<IfModule mod_rewrite.c>
|
|
||||||
# ...
|
|
||||||
RewriteCond %{REQUEST_URI} ^(.*)$
|
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
|
||||||
RewriteRule .* mysite/main.php?url=%1 [QSA]
|
|
||||||
# ...
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
|
// Build request and detect flush
|
||||||
|
$request = HTTPRequestBuilder::createFromEnvironment();
|
||||||
|
|
||||||
Note: This config must also be duplicated in the below template which provide asset routing:
|
// Default application
|
||||||
|
$kernel = new CoreKernel(BASE_PATH);
|
||||||
`silverstripe-assets/templates/SilverStripe/Assets/Flysystem/PublicAssetAdapter_HTAccess.ss`:
|
$app = new HTTPApplication($kernel);
|
||||||
|
$app->addMiddleware(new ErrorControlChainMiddleware($app));
|
||||||
|
$response = $app->handle($request);
|
||||||
```ss
|
$response->output();
|
||||||
|
|
||||||
<IfModule mod_rewrite.c>
|
|
||||||
# ...
|
|
||||||
# Non existant files passed to requesthandler
|
|
||||||
RewriteCond %{REQUEST_URI} ^(.*)$
|
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
|
||||||
RewriteRule .* ../mysite/main.php?url=%1 [QSA]
|
|
||||||
</IfModule>
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Custom application actions
|
## Custom application actions
|
||||||
|
@ -18,63 +18,7 @@ Check our [installation guides](/getting_started/installation) on how other web
|
|||||||
The standard SilverStripe project ships with a `.htaccess` file in your webroot for this purpose.
|
The standard SilverStripe project ships with a `.htaccess` file in your webroot for this purpose.
|
||||||
By default, requests will be passed through for files existing on the filesystem.
|
By default, requests will be passed through for files existing on the filesystem.
|
||||||
Some access control is in place to deny access to potentially sensitive files in the webroot, such as YAML configuration files.
|
Some access control is in place to deny access to potentially sensitive files in the webroot, such as YAML configuration files.
|
||||||
If no file can be directly matched, control is handed off to `framework/main.php`.
|
If no file can be directly matched, control is handed off to `index.php`.
|
||||||
|
|
||||||
### SILVERSTRIPE START ###
|
|
||||||
|
|
||||||
# Deny access to templates (but allow from localhost)
|
|
||||||
<Files *.ss>
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
Allow from 127.0.0.1
|
|
||||||
</Files>
|
|
||||||
|
|
||||||
# Deny access to IIS configuration
|
|
||||||
<Files web.config>
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
</Files>
|
|
||||||
|
|
||||||
# Deny access to YAML configuration files which might include sensitive information
|
|
||||||
<Files ~ "\.ya?ml$">
|
|
||||||
Order allow,deny
|
|
||||||
Deny from all
|
|
||||||
</Files>
|
|
||||||
|
|
||||||
# Route errors to static pages automatically generated by SilverStripe
|
|
||||||
ErrorDocument 404 /assets/error-404.html
|
|
||||||
ErrorDocument 500 /assets/error-500.html
|
|
||||||
|
|
||||||
<IfModule mod_rewrite.c>
|
|
||||||
SetEnv HTTP_MOD_REWRITE On
|
|
||||||
RewriteEngine On
|
|
||||||
|
|
||||||
# Deny access to potentially sensitive files and folders
|
|
||||||
RewriteRule ^vendor(/|$) - [F,L,NC]
|
|
||||||
RewriteRule silverstripe-cache(/|$) - [F,L,NC]
|
|
||||||
RewriteRule composer\.(json|lock) - [F,L,NC]
|
|
||||||
|
|
||||||
# Non existant files passed to requesthandler
|
|
||||||
# Try finding the module in the vendor folder first
|
|
||||||
RewriteCond %{REQUEST_URI} ^(.*)$
|
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
|
||||||
RewriteRule .* ../vendor/silverstripe/framework/main.php?url=%1 [QSA]
|
|
||||||
|
|
||||||
# If requesting the main script directly, rewrite to the installer
|
|
||||||
RewriteCond %{REQUEST_URI} ^(.*)/framework/main.php$
|
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
|
||||||
RewriteRule . %1/install.php? [R,L]
|
|
||||||
|
|
||||||
</IfModule>
|
|
||||||
### SILVERSTRIPE END ###
|
|
||||||
|
|
||||||
SilverStripe can also operate without this level of rewriting, in which case all dynamic requests go
|
|
||||||
through an `index.php` script in the webroot.
|
|
||||||
|
|
||||||
<div class="notice" markdown="1">
|
|
||||||
Running SilverStripe without web server based rewriting is not recommended since it
|
|
||||||
can leave sensitive files exposed to public access (the `RewriteRule` conditions from above don't apply).
|
|
||||||
</div>
|
|
||||||
|
|
||||||
## Bootstrap
|
## Bootstrap
|
||||||
|
|
||||||
@ -86,7 +30,7 @@ tasks silently in the background.
|
|||||||
[configuration file](/getting_started/environment_management) in the webroot.
|
[configuration file](/getting_started/environment_management) in the webroot.
|
||||||
* Sets constants based on the filesystem structure (e.g. `BASE_URL`, `BASE_PATH` and `TEMP_PATH`)
|
* Sets constants based on the filesystem structure (e.g. `BASE_URL`, `BASE_PATH` and `TEMP_PATH`)
|
||||||
|
|
||||||
All requests go through `main.php`, which sets up the core [Kernel](api:SilverStripe\Core\Kernel) and [HTTPApplication](api:SilverStripe\Control\HTTPApplication)
|
All requests go through `index.php`, which sets up the core [Kernel](api:SilverStripe\Core\Kernel) and [HTTPApplication](api:SilverStripe\Control\HTTPApplication)
|
||||||
objects. See [/developer_guides/execution_pipeline/app_object_and_kernel] for details on this.
|
objects. See [/developer_guides/execution_pipeline/app_object_and_kernel] for details on this.
|
||||||
The main process follows:
|
The main process follows:
|
||||||
|
|
||||||
@ -101,13 +45,12 @@ The main process follows:
|
|||||||
|
|
||||||
While you usually don't need to modify the bootstrap on this level, some deeper customizations like
|
While you usually don't need to modify the bootstrap on this level, some deeper customizations like
|
||||||
adding your own manifests or a performance-optimized routing might require it.
|
adding your own manifests or a performance-optimized routing might require it.
|
||||||
An example of this can be found in the ["staticpublisher" module](https://github.com/silverstripe-labs/silverstripe-staticpublisher/blob/master/main.php).
|
An example of this can be found in the ["staticpublisher" module](https://github.com/silverstripe-labs/silverstripe-staticpublisher/).
|
||||||
The modules instructs web servers to route through its own `main.php` to determine which requests can be cached
|
|
||||||
before handing control off to SilverStripe's own `main.php`.
|
|
||||||
|
|
||||||
## Routing and Request Handling
|
## Routing and Request Handling
|
||||||
|
|
||||||
The `main.php` script relies on [Director](api:SilverStripe\Control\Director) to work out which [controller](../controllers/) should handle this request. It parses the URL, matching it to one of a number of patterns,
|
The `index.php` script relies on [Director](api:SilverStripe\Control\Director) to work out which [controller](../controllers/)
|
||||||
|
should handle this request. It parses the URL, matching it to one of a number of patterns,
|
||||||
and determines the controller, action and any argument to be used ([Routing](../controllers/routing)).
|
and determines the controller, action and any argument to be used ([Routing](../controllers/routing)).
|
||||||
|
|
||||||
* Creates a [HTTPRequest](api:SilverStripe\Control\HTTPRequest) object containing all request and environment information
|
* Creates a [HTTPRequest](api:SilverStripe\Control\HTTPRequest) object containing all request and environment information
|
||||||
|
@ -81,20 +81,34 @@ as a standard first point of upgrade.
|
|||||||
#### Upgrade your rewrite rules
|
#### Upgrade your rewrite rules
|
||||||
|
|
||||||
The location of SilverStripe's "entry file" has changed. Your project and server environment will need
|
The location of SilverStripe's "entry file" has changed. Your project and server environment will need
|
||||||
to adjust the path to this file from `framework/main.php` to `vendor/silverstripe/framework/main.php`.
|
to adjust the path to this file from `framework/main.php` to `index.php`.
|
||||||
If you are running Apache, adjust your `.htaccess` file. For other webservers,
|
If you are running Apache, adjust your `.htaccess` file. For other webservers,
|
||||||
please consult the [installation guides](getting_started/installation/).
|
please consult the [installation guides](getting_started/installation/).
|
||||||
|
Since 4.0, URL rewrite capabilities are required,
|
||||||
|
unless you PHP's built-in webserver through [silverstripe/serve](https://github.com/silverstripe/silverstripe-serve).
|
||||||
|
|
||||||
For websites served by Apache, here's an adjusted `.htaccess` excerpt:
|
The `index.php` file should already exist in your project,
|
||||||
|
but needs its content replaced:
|
||||||
|
|
||||||
```diff
|
```php
|
||||||
+RewriteCond %{REQUEST_URI} !^/vendor/silverstripe/framework/main\.php
|
<?php
|
||||||
RewriteRule ^vendor(/|$) - [F,L,NC]
|
|
||||||
|
|
||||||
# ...
|
use SilverStripe\Control\HTTPApplication;
|
||||||
|
use SilverStripe\Control\HTTPRequestBuilder;
|
||||||
|
use SilverStripe\Core\CoreKernel;
|
||||||
|
use SilverStripe\Core\Startup\ErrorControlChainMiddleware;
|
||||||
|
|
||||||
-RewriteRule .* framework/main.php?url=%1 [QSA]
|
require __DIR__ . '/vendor/autoload.php';
|
||||||
+RewriteRule .* vendor/silverstripe/framework/main.php?url=%1 [QSA]
|
|
||||||
|
// Build request and detect flush
|
||||||
|
$request = HTTPRequestBuilder::createFromEnvironment();
|
||||||
|
|
||||||
|
// Default application
|
||||||
|
$kernel = new CoreKernel(BASE_PATH);
|
||||||
|
$app = new HTTPApplication($kernel);
|
||||||
|
$app->addMiddleware(new ErrorControlChainMiddleware($app));
|
||||||
|
$response = $app->handle($request);
|
||||||
|
$response->output();
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Upgrade references to renamed and namespaced classes
|
#### Upgrade references to renamed and namespaced classes
|
||||||
|
18
main.php
18
main.php
@ -1,18 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
use SilverStripe\Control\HTTPApplication;
|
|
||||||
use SilverStripe\Control\HTTPRequestBuilder;
|
|
||||||
use SilverStripe\Core\CoreKernel;
|
|
||||||
use SilverStripe\Core\Startup\ErrorControlChainMiddleware;
|
|
||||||
|
|
||||||
require __DIR__ . '/src/includes/autoload.php';
|
|
||||||
|
|
||||||
// Build request and detect flush
|
|
||||||
$request = HTTPRequestBuilder::createFromEnvironment();
|
|
||||||
|
|
||||||
// Default application
|
|
||||||
$kernel = new CoreKernel(BASE_PATH);
|
|
||||||
$app = new HTTPApplication($kernel);
|
|
||||||
$app->addMiddleware(new ErrorControlChainMiddleware($app));
|
|
||||||
$response = $app->handle($request);
|
|
||||||
$response->output();
|
|
@ -255,7 +255,7 @@ class Director implements TemplateGlobalProvider
|
|||||||
} else {
|
} else {
|
||||||
$newVars['_GET'] = [];
|
$newVars['_GET'] = [];
|
||||||
}
|
}
|
||||||
$newVars['_SERVER']['REQUEST_URI'] = Director::baseURL() . $url;
|
$newVars['_SERVER']['REQUEST_URI'] = Director::baseURL() . ltrim($url, '/');
|
||||||
$newVars['_REQUEST'] = array_merge($newVars['_GET'], $newVars['_POST']);
|
$newVars['_REQUEST'] = array_merge($newVars['_GET'], $newVars['_POST']);
|
||||||
|
|
||||||
// Normalise vars
|
// Normalise vars
|
||||||
|
@ -404,11 +404,7 @@ class HTTPRequest implements ArrayAccess
|
|||||||
$url = ($this->getExtension()) ? $this->url . '.' . $this->getExtension() : $this->url;
|
$url = ($this->getExtension()) ? $this->url . '.' . $this->getExtension() : $this->url;
|
||||||
|
|
||||||
if ($includeGetVars) {
|
if ($includeGetVars) {
|
||||||
// if we don't unset $vars['url'] we end up with /my/url?url=my/url&foo=bar etc
|
|
||||||
|
|
||||||
$vars = $this->getVars();
|
$vars = $this->getVars();
|
||||||
unset($vars['url']);
|
|
||||||
|
|
||||||
if (count($vars)) {
|
if (count($vars)) {
|
||||||
$url .= '?' . http_build_query($vars);
|
$url .= '?' . http_build_query($vars);
|
||||||
}
|
}
|
||||||
|
@ -32,9 +32,13 @@ class HTTPRequestBuilder
|
|||||||
*/
|
*/
|
||||||
public static function createFromVariables(array $variables, $input)
|
public static function createFromVariables(array $variables, $input)
|
||||||
{
|
{
|
||||||
// Strip `url` out of querystring
|
// Remove query parameters (they're retained separately through $server['_GET']
|
||||||
$url = $variables['_GET']['url'];
|
$url = parse_url($variables['_SERVER']['REQUEST_URI'], PHP_URL_PATH);
|
||||||
unset($variables['_GET']['url']);
|
|
||||||
|
// Remove base folders from the URL if webroot is hosted in a subfolder
|
||||||
|
if (substr(strtolower($url), 0, strlen(BASE_URL)) === strtolower(BASE_URL)) {
|
||||||
|
$url = substr($url, strlen(BASE_URL));
|
||||||
|
}
|
||||||
|
|
||||||
// Build request
|
// Build request
|
||||||
$request = new HTTPRequest(
|
$request = new HTTPRequest(
|
||||||
@ -100,7 +104,6 @@ class HTTPRequestBuilder
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Clean up HTTP global vars for $_GET / $_REQUEST prior to bootstrapping
|
* Clean up HTTP global vars for $_GET / $_REQUEST prior to bootstrapping
|
||||||
* Will also populate the $_GET['url'] var safely
|
|
||||||
*
|
*
|
||||||
* @param array $variables
|
* @param array $variables
|
||||||
* @return array Cleaned variables
|
* @return array Cleaned variables
|
||||||
@ -117,33 +120,6 @@ class HTTPRequestBuilder
|
|||||||
$variables['_SERVER']['REQUEST_METHOD'] = $variables['_SERVER']['X-HTTP-Method-Override'];
|
$variables['_SERVER']['REQUEST_METHOD'] = $variables['_SERVER']['X-HTTP-Method-Override'];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Prevent injection of url= querystring argument by prioritising any leading url argument
|
|
||||||
if (isset($variables['_SERVER']['QUERY_STRING']) &&
|
|
||||||
preg_match('/^(?<url>url=[^&?]*)(?<query>.*[&?]url=.*)$/', $variables['_SERVER']['QUERY_STRING'], $results)
|
|
||||||
) {
|
|
||||||
$queryString = $results['query'].'&'.$results['url'];
|
|
||||||
parse_str($queryString, $variables['_GET']);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Decode url from REQUEST_URI if not passed via $_GET['url']
|
|
||||||
if (!isset($variables['_GET']['url'])) {
|
|
||||||
$url = $variables['_SERVER']['REQUEST_URI'];
|
|
||||||
|
|
||||||
// Querystring args need to be explicitly parsed
|
|
||||||
if (strpos($url, '?') !== false) {
|
|
||||||
list($url, $queryString) = explode('?', $url, 2);
|
|
||||||
parse_str($queryString);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Ensure $_GET['url'] is set
|
|
||||||
$variables['_GET']['url'] = urldecode($url);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Remove base folders from the URL if webroot is hosted in a subfolder
|
|
||||||
if (substr(strtolower($variables['_GET']['url']), 0, strlen(BASE_URL)) === strtolower(BASE_URL)) {
|
|
||||||
$variables['_GET']['url'] = substr($variables['_GET']['url'], strlen(BASE_URL));
|
|
||||||
}
|
|
||||||
|
|
||||||
// Merge $_FILES into $_POST
|
// Merge $_FILES into $_POST
|
||||||
$variables['_POST'] = array_merge((array)$variables['_POST'], (array)$variables['_FILES']);
|
$variables['_POST'] = array_merge((array)$variables['_POST'], (array)$variables['_FILES']);
|
||||||
|
|
||||||
|
@ -442,7 +442,7 @@ class ClassManifest
|
|||||||
$finder = new ManifestFileFinder();
|
$finder = new ManifestFileFinder();
|
||||||
$finder->setOptions(array(
|
$finder->setOptions(array(
|
||||||
'name_regex' => '/^[^_].*\\.php$/',
|
'name_regex' => '/^[^_].*\\.php$/',
|
||||||
'ignore_files' => array('index.php', 'main.php', 'cli-script.php'),
|
'ignore_files' => array('index.php', 'cli-script.php'),
|
||||||
'ignore_tests' => !$includeTests,
|
'ignore_tests' => !$includeTests,
|
||||||
'file_callback' => function ($basename, $pathname, $depth) use ($includeTests, $finder) {
|
'file_callback' => function ($basename, $pathname, $depth) use ($includeTests, $finder) {
|
||||||
$this->handleFile($basename, $pathname, $includeTests);
|
$this->handleFile($basename, $pathname, $includeTests);
|
||||||
|
@ -15,7 +15,7 @@ use Exception;
|
|||||||
* $chain = new ErrorControlChain();
|
* $chain = new ErrorControlChain();
|
||||||
* $chain->then($callback1)->then($callback2)->thenIfErrored($callback3)->execute();
|
* $chain->then($callback1)->then($callback2)->thenIfErrored($callback3)->execute();
|
||||||
*
|
*
|
||||||
* WARNING: This class is experimental and designed specifically for use pre-startup in main.php
|
* WARNING: This class is experimental and designed specifically for use pre-startup.
|
||||||
* It will likely be heavily refactored before the release of 3.2
|
* It will likely be heavily refactored before the release of 3.2
|
||||||
*/
|
*/
|
||||||
class ErrorControlChain
|
class ErrorControlChain
|
||||||
|
@ -16,7 +16,7 @@ use SilverStripe\Security\RandomGenerator;
|
|||||||
* established, this class takes care of allowing some other code of confirming the parameter,
|
* established, this class takes care of allowing some other code of confirming the parameter,
|
||||||
* by generating a one-time-use token & redirecting with that token included in the redirected URL
|
* by generating a one-time-use token & redirecting with that token included in the redirected URL
|
||||||
*
|
*
|
||||||
* WARNING: This class is experimental and designed specifically for use pre-startup in main.php
|
* WARNING: This class is experimental and designed specifically for use pre-startup.
|
||||||
* It will likely be heavily refactored before the release of 3.2
|
* It will likely be heavily refactored before the release of 3.2
|
||||||
*/
|
*/
|
||||||
class ParameterConfirmationToken
|
class ParameterConfirmationToken
|
||||||
|
@ -881,7 +881,7 @@ class InstallRequirements
|
|||||||
if ($this->testApacheRewriteExists()) {
|
if ($this->testApacheRewriteExists()) {
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
$this->warning($testDetails);
|
$this->error($testDetails);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -439,12 +439,8 @@ ErrorDocument 500 /assets/error-500.html
|
|||||||
$baseClause
|
$baseClause
|
||||||
$cgiClause
|
$cgiClause
|
||||||
|
|
||||||
# Deny access to vendor, unless you're requesting main.php
|
|
||||||
# Not restricting to the start of the path to support RewriteBase
|
|
||||||
RewriteCond %{REQUEST_URI} !^/vendor/silverstripe/framework/main\.php
|
|
||||||
RewriteRule ^vendor(/|$) - [F,L,NC]
|
|
||||||
|
|
||||||
# Deny access to potentially sensitive files and folders
|
# Deny access to potentially sensitive files and folders
|
||||||
|
RewriteRule ^vendor(/|$) - [F,L,NC]
|
||||||
RewriteRule ^\.env - [F,L,NC]
|
RewriteRule ^\.env - [F,L,NC]
|
||||||
RewriteRule silverstripe-cache(/|$) - [F,L,NC]
|
RewriteRule silverstripe-cache(/|$) - [F,L,NC]
|
||||||
RewriteRule composer\.(json|lock) - [F,L,NC]
|
RewriteRule composer\.(json|lock) - [F,L,NC]
|
||||||
@ -455,7 +451,7 @@ ErrorDocument 500 /assets/error-500.html
|
|||||||
# Try finding framework in the vendor folder first
|
# Try finding framework in the vendor folder first
|
||||||
RewriteCond %{REQUEST_URI} ^(.*)$
|
RewriteCond %{REQUEST_URI} ^(.*)$
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
RewriteCond %{REQUEST_FILENAME} !-f
|
||||||
RewriteRule .* vendor/silverstripe/framework/main.php?url=%1 [QSA]
|
RewriteRule .* index.php
|
||||||
</IfModule>
|
</IfModule>
|
||||||
TEXT;
|
TEXT;
|
||||||
|
|
||||||
@ -510,9 +506,8 @@ TEXT;
|
|||||||
<match url="^(.*)$" />
|
<match url="^(.*)$" />
|
||||||
<conditions>
|
<conditions>
|
||||||
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
||||||
<add input="vendor/silverstripe/framework/main.php" matchType="IsFile" />
|
|
||||||
</conditions>
|
</conditions>
|
||||||
<action type="Rewrite" url="vendor/silverstripe/framework/main.php?url={R:1}" appendQueryString="true" />
|
<action type="Rewrite" url="index.php" appendQueryString="true" />
|
||||||
</rule>
|
</rule>
|
||||||
</rules>
|
</rules>
|
||||||
</rewrite>
|
</rewrite>
|
||||||
|
@ -94,9 +94,8 @@ class DetailedErrorFormatter implements FormatterInterface
|
|||||||
$httpRequest = null;
|
$httpRequest = null;
|
||||||
if (isset($_SERVER['REQUEST_URI'])) {
|
if (isset($_SERVER['REQUEST_URI'])) {
|
||||||
$httpRequest = $_SERVER['REQUEST_URI'];
|
$httpRequest = $_SERVER['REQUEST_URI'];
|
||||||
} elseif (isset($_REQUEST['url'])) {
|
|
||||||
$httpRequest = $_REQUEST['url'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_SERVER['REQUEST_METHOD'])) {
|
if (isset($_SERVER['REQUEST_METHOD'])) {
|
||||||
$httpRequest = $_SERVER['REQUEST_METHOD'] . ' ' . $httpRequest;
|
$httpRequest = $_SERVER['REQUEST_METHOD'] . ' ' . $httpRequest;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user