Skip to content

Commit

Permalink
[TASK] Separate Error handling from TSFE
Browse files Browse the repository at this point in the history 
The goal is to decouple error handling from TSFE.
For that, a new ErrorController is added which can be
called and returns a Response object instead of
exits the current request.

In order to keep full backwards-compatibility,
TSFE currently does not return a response, but
instead exists with a response object.

Next step:
- Move the pageUnavailable_force functionality into a middleware
- See what can be further abstracted to return a response

Resolves: #83883
Releases: master
Change-Id: I41f5f1a32a3f7edd48eb5c0464a26762ad4a946f
Reviewed-on: https://review.typo3.org/55690
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Tested-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
  • Loading branch information
@bmack @susannemoog
bmack authored and susannemoog committed Feb 15, 2018
1 parent 6362f63 commit a77b2e0
Show file tree
Hide file tree
Showing 6 changed files with 869 additions and 42 deletions.
46 changes: 46 additions & 0 deletions ...n/Changelog/master/Deprecation-83883-PageNotFoundAndErrorHandlingInFrontend.rst
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
.. include:: ../../Includes.txt

===================================================================
Deprecation: #83883 - Page Not Found And Error handling in Frontend
===================================================================

See :issue:`83883`

Description
===========

The following methods have been marked as deprecated:

* php:`TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController->pageUnavailableAndExit()`
* php:`TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController->pageNotFoundAndExit()`
* php:`TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController->checkPageUnavailableHandler()`
* php:`TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController->pageUnavailableHandler()`
* php:`TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController->pageNotFoundHandler()`
* php:`TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController->pageErrorHandler()`

These methods have been commonly used by third-party extensions to show that a page is not found, or
a page is unavailable due to misconfiguration, or the access to a page was denied.


Impact
======

Calling any of the methods above will trigger a deprecation error.


Affected Installations
======================

Any installation with third-party PHP extension code calling these methods.


Migration
=========

Use the new `ErrorController` with its custom actions `unavailableAction()`, `pageNotFoundAction()` and
`accessDeniedAction()`.

Instead of exiting the currently running script, a proposed PSR-7 compliant response is returned which can be
handled by the third-party extension to enrich, return or customly exiting the script.

.. index:: Frontend, PHP-API, FullyScanned
278 changes: 278 additions & 0 deletions typo3/sysext/frontend/Classes/Controller/ErrorController.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,278 @@
<?php
declare(strict_types = 1);
namespace TYPO3\CMS\Frontend\Controller;

/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/

use Psr\Http\Message\ResponseInterface;
use TYPO3\CMS\Core\Controller\ErrorPageController;
use TYPO3\CMS\Core\Error\Http\PageNotFoundException;
use TYPO3\CMS\Core\Error\Http\ServiceUnavailableException;
use TYPO3\CMS\Core\Http\HtmlResponse;
use TYPO3\CMS\Core\Http\RedirectResponse;
use TYPO3\CMS\Core\Utility\GeneralUtility;

/**
* Handles "Page Not Found" or "Page Unavailable" requests,
* returns a response object.
*/
class ErrorController
{
/**
* Used for creating a 500 response ("Page unavailable"), usually due some misconfiguration
* but if configured, a RedirectResponse could be returned as well.
*
* @param string $message
* @param array $reasons
* @return ResponseInterface
* @throws ServiceUnavailableException
*/
public function unavailableAction(string $message, array $reasons = []): ResponseInterface
{
if (!$this->isPageUnavailableHandlerConfigured()) {
throw new ServiceUnavailableException($message, 1518472181);
}
return $this->handlePageError(
$GLOBALS['TYPO3_CONF_VARS']['FE']['pageUnavailable_handling'],
$GLOBALS['TYPO3_CONF_VARS']['FE']['pageUnavailable_handling_statheader'],
$message,
$reasons
);
}

/**
* Used for creating a 404 response ("Page Not Found"),
* but if configured, a RedirectResponse could be returned as well.
*
* @param string $message
* @param array $reasons
* @return ResponseInterface
* @throws PageNotFoundException
*/
public function pageNotFoundAction(string $message, array $reasons = []): ResponseInterface
{
if (!$GLOBALS['TYPO3_CONF_VARS']['FE']['pageNotFound_handling']) {
throw new PageNotFoundException($message, 1518472189);
}
return $this->handlePageError(
$GLOBALS['TYPO3_CONF_VARS']['FE']['pageNotFound_handling'],
$GLOBALS['TYPO3_CONF_VARS']['FE']['pageNotFound_handling_statheader'],
$message,
$reasons
);
}

/**
* Used for creating a 403 response ("Access denied"),
* but if configured, a RedirectResponse could be returned as well.
*
* @param string $message
* @param array $reasons
* @return ResponseInterface
*/
public function accessDeniedAction(string $message, array $reasons = []): ResponseInterface
{
return $this->handlePageError(
$GLOBALS['TYPO3_CONF_VARS']['FE']['pageNotFound_handling'],
$GLOBALS['TYPO3_CONF_VARS']['FE']['pageNotFound_handling_accessdeniedheader'],
$message,
$reasons
);
}

/**
* Checks whether the pageUnavailableHandler should be used. To be used, pageUnavailable_handling must be set
* and devIPMask must not match the current visitor's IP address.
*
* @return bool TRUE/FALSE whether the pageUnavailable_handler should be used.
*/
protected function isPageUnavailableHandlerConfigured(): bool
{
return
$GLOBALS['TYPO3_CONF_VARS']['FE']['pageUnavailable_handling']
&& !GeneralUtility::cmpIP(
GeneralUtility::getIndpEnv('REMOTE_ADDR'),
$GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']
)
;
}

/**
* Generic error page handler.
*
* @param mixed $errorHandler See docs of ['FE']['pageNotFound_handling'] and ['FE']['pageUnavailable_handling'] for all possible values
* @param string $header If set, this is passed directly to the PHP function, header()
* @param string $reason If set, error messages will also mention this as the reason for the page-not-found.
* @param array $pageAccessFailureReasons
* @return ResponseInterface
* @throws \RuntimeException
*/
protected function handlePageError($errorHandler, string $header = '', string $reason = '', array $pageAccessFailureReasons = []): ResponseInterface
{
$response = null;
$content = '';
// Simply boolean; Just shows TYPO3 error page with reason:
if (gettype($errorHandler) === 'boolean' || strtolower($errorHandler) === 'true' || (string)$errorHandler === '1') {
$content = GeneralUtility::makeInstance(ErrorPageController::class)->errorAction(
'Page Not Found',
'The page did not exist or was inaccessible.' . ($reason ? ' Reason: ' . $reason : '')
);
} elseif (GeneralUtility::isFirstPartOfStr($errorHandler, 'USER_FUNCTION:')) {
$funcRef = trim(substr($errorHandler, 14));
$params = [
'currentUrl' => GeneralUtility::getIndpEnv('REQUEST_URI'),
'reasonText' => $reason,
'pageAccessFailureReasons' => $pageAccessFailureReasons
];
try {
$content = GeneralUtility::callUserFunction($funcRef, $params, $this);
} catch (\Exception $e) {
throw new \RuntimeException('Error: 404 page by USER_FUNCTION "' . $funcRef . '" failed.', 1518472235, $e);
}
} elseif (GeneralUtility::isFirstPartOfStr($errorHandler, 'READFILE:')) {
$readFile = GeneralUtility::getFileAbsFileName(trim(substr($errorHandler, 9)));
if (@is_file($readFile)) {
$content = str_replace(
[
'###CURRENT_URL###',
'###REASON###'
],
[
GeneralUtility::getIndpEnv('REQUEST_URI'),
htmlspecialchars($reason)
],
file_get_contents($readFile)
);
} else {
throw new \RuntimeException('Configuration Error: 404 page "' . $readFile . '" could not be found.', 1518472245);
}
} elseif (GeneralUtility::isFirstPartOfStr($errorHandler, 'REDIRECT:')) {
$response = new RedirectResponse(substr($errorHandler, 9));
} elseif ($errorHandler !== '') {
// Check if URL is relative
$urlParts = parse_url($errorHandler);
// parse_url could return an array without the key "host", the empty check works better than strict check
if (empty($urlParts['host'])) {
$urlParts['host'] = GeneralUtility::getIndpEnv('HTTP_HOST');
if ($errorHandler[0] === '/') {
$errorHandler = GeneralUtility::getIndpEnv('TYPO3_REQUEST_HOST') . $errorHandler;
} else {
$errorHandler = GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $errorHandler;
}
$checkBaseTag = false;
} else {
$checkBaseTag = true;
}
// Check recursion
if ($errorHandler === GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL')) {
$reason = $reason ?: 'Page cannot be found.';
$reason .= LF . LF . 'Additionally, ' . $errorHandler . ' was not found while trying to retrieve the error document.';
throw new \RuntimeException(nl2br(htmlspecialchars($reason)), 1518472252);
}
// Prepare headers
$requestHeaders = [
'User-agent: ' . GeneralUtility::getIndpEnv('HTTP_USER_AGENT'),
'Referer: ' . GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL')
];
$report = [];
$res = GeneralUtility::getUrl($errorHandler, 1, $requestHeaders, $report);
if ((int)$report['error'] !== 0 && (int)$report['error'] !== 200) {
throw new \RuntimeException('Failed to fetch error page "' . $errorHandler . '", reason: ' . $report['message'], 1518472257);
}
if ($res === false) {
// Last chance -- redirect
$response = new RedirectResponse($errorHandler);
} else {
// Header and content are separated by an empty line
list($returnedHeaders, $content) = explode(CRLF . CRLF, $res, 2);
$content .= CRLF;
// Forward these response headers to the client
$forwardHeaders = [
'Content-Type:'
];
$headerArr = preg_split('/\\r|\\n/', $returnedHeaders, -1, PREG_SPLIT_NO_EMPTY);
foreach ($headerArr as $headerLine) {
foreach ($forwardHeaders as $h) {
if (preg_match('/^' . $h . '/', $headerLine)) {
$header .= CRLF . $headerLine;
}
}
}
// Put <base> if necessary
if ($checkBaseTag) {
// If content already has <base> tag, we do not need to do anything
if (false === stristr($content, '<base ')) {
// Generate href for base tag
$base = $urlParts['scheme'] . '://';
if ($urlParts['user'] != '') {
$base .= $urlParts['user'];
if ($urlParts['pass'] != '') {
$base .= ':' . $urlParts['pass'];
}
$base .= '@';
}
$base .= $urlParts['host'];
// Add path portion skipping possible file name
$base .= preg_replace('/(.*\\/)[^\\/]*/', '${1}', $urlParts['path']);
// Put it into content (generate also <head> if necessary)
$replacement = LF . '<base href="' . htmlentities($base) . '" />' . LF;
if (stristr($content, '<head>')) {
$content = preg_replace('/(<head>)/i', '\\1' . $replacement, $content);
} else {
$content = preg_replace('/(<html[^>]*>)/i', '\\1<head>' . $replacement . '</head>', $content);
}
}
}
}
} else {
$content = GeneralUtility::makeInstance(ErrorPageController::class)->errorAction(
'Page Not Found',
$reason ? 'Reason: ' . $reason : 'Page cannot be found.'
);
}

if (!$response) {
$response = new HtmlResponse($content);
}
return $this->applySanitizedHeadersToResponse($response, $header);
}

/**
* Headers which have been requested, will be added to the response object.
* If a header is part of the HTTP Repsonse code, the response object will be annotated as well.
*
* @param ResponseInterface $response
* @param string $headers
* @return ResponseInterface
*/
protected function applySanitizedHeadersToResponse(ResponseInterface $response, string $headers): ResponseInterface
{
if (!empty($headers)) {
$headerArr = preg_split('/\\r|\\n/', $headers, -1, PREG_SPLIT_NO_EMPTY);
foreach ($headerArr as $headerLine) {
if (strpos($headerLine, 'HTTP/') === 0 && strpos($headerLine, ':') === false) {
list($protocolVersion, $statusCode, $reasonPhrase) = explode(' ', $headerLine, 3);
list(, $protocolVersion) = explode('/', $protocolVersion, 2);
$response = $response
->withProtocolVersion((int)$protocolVersion)
->withStatus($statusCode, $reasonPhrase);
} else {
list($headerName, $value) = GeneralUtility::trimExplode(':', $headerLine, 2);
$response = $response->withHeader($headerName, $value);
}
}
}
return $response;
}
}

0 comments on commit a77b2e0

Please sign in to comment.