bootstrap.inc 79.4 KB
Newer Older
1
<?php
2 3 4 5
/**
 * @file
 * Functions that need to be loaded on every Drupal request.
 */
Dries's avatar
 
Dries committed
6

7
use Drupal\Component\Utility\Crypt;
8
use Drupal\Component\Utility\Environment;
9
use Drupal\Component\Utility\NestedArray;
10
use Drupal\Component\Utility\String;
11
use Drupal\Component\Utility\Timer;
12
use Drupal\Component\Utility\Unicode;
13
use Drupal\Component\Utility\UrlHelper;
14
use Drupal\Core\DrupalKernel;
15 16
use Drupal\Core\Database\Database;
use Drupal\Core\DependencyInjection\ContainerBuilder;
17
use Drupal\Core\Extension\ExtensionDiscovery;
18
use Drupal\Core\Site\Settings;
19
use Drupal\Core\Utility\Title;
20
use Drupal\Core\Utility\Error;
21
use Symfony\Component\ClassLoader\ApcClassLoader;
22 23 24 25
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\DependencyInjection\Container;
use Symfony\Component\DependencyInjection\Reference;
use Symfony\Component\DependencyInjection\Exception\RuntimeException as DependencyInjectionRuntimeException;
26
use Symfony\Component\HttpFoundation\Request;
27
use Symfony\Component\HttpFoundation\Response;
28
use Drupal\Core\Language\Language;
29
use Drupal\Core\Language\LanguageInterface;
30 31
use Drupal\Core\Lock\DatabaseLockBackend;
use Drupal\Core\Lock\LockBackendInterface;
32
use Drupal\Core\Session\AnonymousUserSession;
33

34 35 36
/**
 * Minimum supported version of PHP.
 */
37
const DRUPAL_MINIMUM_PHP = '5.4.2';
38 39 40 41

/**
 * Minimum recommended value of PHP memory_limit.
 */
42
const DRUPAL_MINIMUM_PHP_MEMORY_LIMIT = '32M';
43

44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
/**
 * Error reporting level: display no errors.
 */
const ERROR_REPORTING_HIDE = 'hide';

/**
 * Error reporting level: display errors and warnings.
 */
const ERROR_REPORTING_DISPLAY_SOME = 'some';

/**
 * Error reporting level: display all messages.
 */
const ERROR_REPORTING_DISPLAY_ALL = 'all';

/**
 * Error reporting level: display all messages, plus backtrace information.
 */
const ERROR_REPORTING_DISPLAY_VERBOSE = 'verbose';

64 65 66 67 68 69
/**
 * @defgroup logging_severity_levels Logging severity levels
 * @{
 * Logging severity levels as defined in RFC 3164.
 *
 * The WATCHDOG_* constant definitions correspond to the logging severity levels
70
 * defined in RFC 3164, section 4.1.1. PHP supplies predefined LOG_* constants
71
 * for use in the syslog() function, but their values on Windows builds do not
72
 * correspond to RFC 3164. The associated PHP bug report was closed with the
73 74 75 76 77 78 79 80 81 82 83 84 85 86
 * comment, "And it's also not a bug, as Windows just have less log levels,"
 * and "So the behavior you're seeing is perfectly normal."
 *
 * @see http://www.faqs.org/rfcs/rfc3164.html
 * @see http://bugs.php.net/bug.php?id=18090
 * @see http://php.net/manual/function.syslog.php
 * @see http://php.net/manual/network.constants.php
 * @see watchdog()
 * @see watchdog_severity_levels()
 */

/**
 * Log message severity -- Emergency: system is unusable.
 */
87
const WATCHDOG_EMERGENCY = 0;
88 89 90 91

/**
 * Log message severity -- Alert: action must be taken immediately.
 */
92
const WATCHDOG_ALERT = 1;
93 94

/**
95
 * Log message severity -- Critical conditions.
96
 */
97
const WATCHDOG_CRITICAL = 2;
98 99

/**
100
 * Log message severity -- Error conditions.
101
 */
102
const WATCHDOG_ERROR = 3;
103 104

/**
105
 * Log message severity -- Warning conditions.
106
 */
107
const WATCHDOG_WARNING = 4;
108 109

/**
110
 * Log message severity -- Normal but significant conditions.
111
 */
112
const WATCHDOG_NOTICE = 5;
113 114

/**
115
 * Log message severity -- Informational messages.
116
 */
117
const WATCHDOG_INFO = 6;
118 119

/**
120
 * Log message severity -- Debug-level messages.
121
 */
122
const WATCHDOG_DEBUG = 7;
123 124 125 126 127

/**
 * @} End of "defgroup logging_severity_levels".
 */

128 129 130
/**
 * First bootstrap phase: initialize configuration.
 */
131
const DRUPAL_BOOTSTRAP_CONFIGURATION = 0;
132 133

/**
134
 * Second bootstrap phase, initalize a kernel.
135
 */
136
const DRUPAL_BOOTSTRAP_KERNEL = 1;
137 138

/**
139
 * Third bootstrap phase: try to serve a cached page.
140
 */
141
const DRUPAL_BOOTSTRAP_PAGE_CACHE = 2;
142 143

/**
144
 * Fourth bootstrap phase: load code for subsystems and modules.
145
 */
146
const DRUPAL_BOOTSTRAP_CODE = 3;
147 148

/**
149
 * Final bootstrap phase: initialize language, path, theme, and modules.
150
 */
151
const DRUPAL_BOOTSTRAP_FULL = 4;
152

153 154 155
/**
 * Role ID for anonymous users; should match what's in the "role" table.
 */
156
const DRUPAL_ANONYMOUS_RID = 'anonymous';
157 158 159 160

/**
 * Role ID for authenticated users; should match what's in the "role" table.
 */
161
const DRUPAL_AUTHENTICATED_RID = 'authenticated';
162

163 164 165 166 167
/**
 * The maximum number of characters in a module or theme name.
 */
const DRUPAL_EXTENSION_NAME_MAX_LENGTH = 50;

168
/**
169
 * Time of the current request in seconds elapsed since the Unix Epoch.
170
 *
171 172 173 174 175 176
 * This differs from $_SERVER['REQUEST_TIME'], which is stored as a float
 * since PHP 5.4.0. Float timestamps confuse most PHP functions
 * (including date_create()).
 *
 * @see http://php.net/manual/reserved.variables.server.php
 * @see http://php.net/manual/function.time.php
177
 */
178
define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']);
179

180 181 182
/**
 * Regular expression to match PHP function names.
 *
183
 * @see http://php.net/manual/language.functions.php
184
 */
185
const DRUPAL_PHP_FUNCTION_PATTERN = '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*';
186

187 188 189
/**
 * $config_directories key for active directory.
 *
190
 * @see config_get_config_directory()
191 192 193 194 195 196
 */
const CONFIG_ACTIVE_DIRECTORY = 'active';

/**
 * $config_directories key for staging directory.
 *
197
 * @see config_get_config_directory()
198 199 200
 */
const CONFIG_STAGING_DIRECTORY = 'staging';

201 202 203 204 205 206 207
/**
 * Defines the root directory of the Drupal installation.
 *
 * This strips two levels of directories off the current directory.
 */
define('DRUPAL_ROOT', dirname(dirname(__DIR__)));

Dries's avatar
 
Dries committed
208
/**
209
 * Returns the appropriate configuration directory.
Dries's avatar
 
Dries committed
210
 *
211 212 213 214 215
 * Returns the configuration path based on the site's hostname, port, and
 * pathname. Uses find_conf_path() to find the current configuration directory.
 * See default.settings.php for examples on how the URL is converted to a
 * directory.
 *
216
 * @param bool $require_settings
217 218 219 220
 *   Only configuration directories with an existing settings.php file
 *   will be recognized. Defaults to TRUE. During initial installation,
 *   this is set to FALSE so that Drupal can detect a matching directory,
 *   then create a new settings.php file in it.
221
 * @param bool $reset
222
 *   Force a full search for matching directories even if one had been
223 224
 *   found previously. Defaults to FALSE.
 *
225 226
 * @return
 *   The path of the matching directory.
227
 *
228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246
 * @see default.settings.php
 */
function conf_path($require_settings = TRUE, $reset = FALSE) {
  static $conf_path;

  if (isset($conf_path) && !$reset) {
    return $conf_path;
  }

  // Check for a simpletest override.
  if ($test_prefix = drupal_valid_test_ua()) {
    $conf_path = 'sites/simpletest/' . substr($test_prefix, 10);
    return $conf_path;
  }

  // Otherwise, use the normal $conf_path.
  $script_name = $_SERVER['SCRIPT_NAME'];
  if (!$script_name) {
    $script_name = $_SERVER['SCRIPT_FILENAME'];
247
  }
248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296
  $http_host = $_SERVER['HTTP_HOST'];
  $conf_path = find_conf_path($http_host, $script_name, $require_settings);
  return $conf_path;
}

/**
 * Finds the appropriate configuration directory for a given host and path.
 *
 * Finds a matching configuration directory file by stripping the website's
 * hostname from left to right and pathname from right to left. By default,
 * the directory must contain a 'settings.php' file for it to match. If the
 * parameter $require_settings is set to FALSE, then a directory without a
 * 'settings.php' file will match as well. The first configuration
 * file found will be used and the remaining ones will be ignored. If no
 * configuration file is found, returns a default value '$confdir/default'. See
 * default.settings.php for examples on how the URL is converted to a directory.
 *
 * If a file named sites.php is present in the $confdir, it will be loaded
 * prior to scanning for directories. That file can define aliases in an
 * associative array named $sites. The array is written in the format
 * '<port>.<domain>.<path>' => 'directory'. As an example, to create a
 * directory alias for http://www.drupal.org:8080/mysite/test whose configuration
 * file is in sites/example.com, the array should be defined as:
 * @code
 * $sites = array(
 *   '8080.www.drupal.org.mysite.test' => 'example.com',
 * );
 * @endcode
 *
 * @param $http_host
 *   The hostname and optional port number, e.g. "www.example.com" or
 *   "www.example.com:8080".
 * @param $script_name
 *   The part of the URL following the hostname, including the leading slash.
 * @param $require_settings
 *   Defaults to TRUE. If TRUE, then only match directories with a
 *   'settings.php' file. Otherwise match any directory.
 *
 * @return
 *   The path of the matching configuration directory.
 *
 * @see default.settings.php
 * @see example.sites.php
 * @see conf_path()
 */
function find_conf_path($http_host, $script_name, $require_settings = TRUE) {
  // Determine whether multi-site functionality is enabled.
  if (!file_exists(DRUPAL_ROOT . '/sites/sites.php')) {
    return 'sites/default';
297
  }
298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313

  $sites = array();
  include DRUPAL_ROOT . '/sites/sites.php';

  $uri = explode('/', $script_name);
  $server = explode('.', implode('.', array_reverse(explode(':', rtrim($http_host, '.')))));
  for ($i = count($uri) - 1; $i > 0; $i--) {
    for ($j = count($server); $j > 0; $j--) {
      $dir = implode('.', array_slice($server, -$j)) . implode('.', array_slice($uri, 0, $i));
      if (isset($sites[$dir]) && file_exists(DRUPAL_ROOT . '/sites/' . $sites[$dir])) {
        $dir = $sites[$dir];
      }
      if (file_exists(DRUPAL_ROOT . '/sites/' . $dir . '/settings.php') || (!$require_settings && file_exists(DRUPAL_ROOT . '/sites/' . $dir))) {
        return "sites/$dir";
      }
    }
Dries's avatar
 
Dries committed
314
  }
315
  return 'sites/default';
Dries's avatar
 
Dries committed
316
}
317

318
/**
319 320 321 322 323
 * Returns the path of a configuration directory.
 *
 * @param string $type
 *   (optional) The type of config directory to return. Drupal core provides
 *   'active' and 'staging'. Defaults to CONFIG_ACTIVE_DIRECTORY.
324 325 326 327
 *
 * @return string
 *   The configuration directory path.
 */
328 329
function config_get_config_directory($type = CONFIG_ACTIVE_DIRECTORY) {
  global $config_directories;
330

331
  if (!empty($config_directories[$type])) {
332
    return $config_directories[$type];
333
  }
334
  throw new \Exception(format_string('The configuration directory type %type does not exist.', array('%type' => $type)));
335 336
}

337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537
/**
 * Initializes the PHP environment.
 */
function drupal_environment_initialize() {
  if (!isset($_SERVER['SERVER_PROTOCOL']) || ($_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.0' && $_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.1')) {
    $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.0';
  }

  if (isset($_SERVER['HTTP_HOST'])) {
    // As HTTP_HOST is user input, ensure it only contains characters allowed
    // in hostnames. See RFC 952 (and RFC 2181).
    // $_SERVER['HTTP_HOST'] is lowercased here per specifications.
    $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
    if (!drupal_valid_http_host($_SERVER['HTTP_HOST'])) {
      // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
      header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
      exit;
    }
  }
  else {
    // Some pre-HTTP/1.1 clients will not send a Host header. Ensure the key is
    // defined for E_ALL compliance.
    $_SERVER['HTTP_HOST'] = '';
  }

  // @todo Refactor with the Symfony Request object.
  _current_path(request_path());

  // Enforce E_STRICT, but allow users to set levels not part of E_STRICT.
  error_reporting(E_STRICT | E_ALL | error_reporting());

  // Override PHP settings required for Drupal to work properly.
  // sites/default/default.settings.php contains more runtime settings.
  // The .htaccess file contains settings that cannot be changed at runtime.

  // Use session cookies, not transparent sessions that puts the session id in
  // the query string.
  ini_set('session.use_cookies', '1');
  ini_set('session.use_only_cookies', '1');
  ini_set('session.use_trans_sid', '0');
  // Don't send HTTP headers using PHP's session handler.
  // Send an empty string to disable the cache limiter.
  ini_set('session.cache_limiter', '');
  // Use httponly session cookies.
  ini_set('session.cookie_httponly', '1');

  // Set sane locale settings, to ensure consistent string, dates, times and
  // numbers handling.
  setlocale(LC_ALL, 'C');
}

/**
 * Validates that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
 *
 * @return
 *  TRUE if only containing valid characters, or FALSE otherwise.
 */
function drupal_valid_http_host($host) {
  return preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
}

/**
 * Sets the base URL, cookie domain, and session name from configuration.
 */
function drupal_settings_initialize() {
  // Export these settings.php variables to the global namespace.
  global $base_url, $cookie_domain, $config_directories, $config;
  $databases = array();
  $settings = array();
  $config = array();

  // Make conf_path() available as local variable in settings.php.
  $conf_path = conf_path();
  if (is_readable(DRUPAL_ROOT . '/' . $conf_path . '/settings.php')) {
    require DRUPAL_ROOT . '/' . $conf_path . '/settings.php';
  }
  // Initialize Database.
  Database::setMultipleConnectionInfo($databases);
  // Initialize Settings.
  new Settings($settings);
}

/**
 * Initializes global request variables.
 *
 * @todo D8: Eliminate this entirely in favor of Request object.
 */
function _drupal_request_initialize() {
  // Provided by settings.php.
  // @see drupal_settings_initialize()
  global $base_url, $cookie_domain;
  // Set and derived from $base_url by this function.
  global $base_path, $base_root, $script_path;
  global $base_secure_url, $base_insecure_url;

  $is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';

  if (isset($base_url)) {
    // Parse fixed base URL from settings.php.
    $parts = parse_url($base_url);
    if (!isset($parts['path'])) {
      $parts['path'] = '';
    }
    $base_path = $parts['path'] . '/';
    // Build $base_root (everything until first slash after "scheme://").
    $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path']));
  }
  else {
    // Create base URL
    $http_protocol = $is_https ? 'https' : 'http';
    $base_root = $http_protocol . '://' . $_SERVER['HTTP_HOST'];

    $base_url = $base_root;

    // For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is
    // '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'.
    if ($dir = rtrim(dirname($_SERVER['SCRIPT_NAME']), '\/')) {
      // Remove "core" directory if present, allowing install.php, update.php,
      // and others to auto-detect a base path.
      $core_position = strrpos($dir, '/core');
      if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) {
        $base_path = substr($dir, 0, $core_position);
      }
      else {
        $base_path = $dir;
      }
      $base_url .= $base_path;
      $base_path .= '/';
    }
    else {
      $base_path = '/';
    }
  }
  $base_secure_url = str_replace('http://', 'https://', $base_url);
  $base_insecure_url = str_replace('https://', 'http://', $base_url);

  // Determine the path of the script relative to the base path, and add a
  // trailing slash. This is needed for creating URLs to Drupal pages.
  if (!isset($script_path)) {
    $script_path = '';
    // We don't expect scripts outside of the base path, but sanity check
    // anyway.
    if (strpos($_SERVER['SCRIPT_NAME'], $base_path) === 0) {
      $script_path = substr($_SERVER['SCRIPT_NAME'], strlen($base_path)) . '/';
      // If the request URI does not contain the script name, then clean URLs
      // are in effect and the script path can be similarly dropped from URL
      // generation. For servers that don't provide $_SERVER['REQUEST_URI'], we
      // do not know the actual URI requested by the client, and request_uri()
      // returns a URI with the script name, resulting in non-clean URLs unless
      // there's other code that intervenes.
      if (strpos(request_uri(TRUE) . '/', $base_path . $script_path) !== 0) {
        $script_path = '';
      }
      // @todo Temporary BC for install.php, update.php, and other scripts.
      //   - http://drupal.org/node/1547184
      //   - http://drupal.org/node/1546082
      if ($script_path !== 'index.php/') {
        $script_path = '';
      }
    }
  }

  if ($cookie_domain) {
    // If the user specifies the cookie domain, also use it for session name.
    $session_name = $cookie_domain;
  }
  else {
    // Otherwise use $base_url as session name, without the protocol
    // to use the same session identifiers across HTTP and HTTPS.
    list( , $session_name) = explode('://', $base_url, 2);
    // HTTP_HOST can be modified by a visitor, but we already sanitized it
    // in drupal_settings_initialize().
    if (!empty($_SERVER['HTTP_HOST'])) {
      $cookie_domain = $_SERVER['HTTP_HOST'];
      // Strip leading periods, www., and port numbers from cookie domain.
      $cookie_domain = ltrim($cookie_domain, '.');
      if (strpos($cookie_domain, 'www.') === 0) {
        $cookie_domain = substr($cookie_domain, 4);
      }
      $cookie_domain = explode(':', $cookie_domain);
      $cookie_domain = '.' . $cookie_domain[0];
    }
  }
  // Per RFC 2109, cookie domains must contain at least one dot other than the
  // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
  if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
    ini_set('session.cookie_domain', $cookie_domain);
  }
  // To prevent session cookies from being hijacked, a user can configure the
  // SSL version of their website to only transfer session cookies via SSL by
  // using PHP's session.cookie_secure setting. The browser will then use two
  // separate session cookies for the HTTPS and HTTP versions of the site. So we
  // must use different session identifiers for HTTPS and HTTP to prevent a
  // cookie collision.
  if ($is_https) {
    ini_set('session.cookie_secure', TRUE);
  }
  $prefix = ini_get('session.cookie_secure') ? 'SSESS' : 'SESS';
  session_name($prefix . substr(hash('sha256', $session_name), 0, 32));
}

Dries's avatar
Dries committed
538
/**
539 540 541 542
 * Returns and optionally sets the filename for a system resource.
 *
 * The filename, whether provided, cached, or retrieved from the database, is
 * only returned if the file exists.
Dries's avatar
Dries committed
543
 *
Dries's avatar
Dries committed
544 545
 * This function plays a key role in allowing Drupal's resources (modules
 * and themes) to be located in different places depending on a site's
546
 * configuration. For example, a module 'foo' may legally be located
Dries's avatar
Dries committed
547 548
 * in any of these three places:
 *
549 550 551
 * core/modules/foo/foo.info.yml
 * modules/foo/foo.info.yml
 * sites/example.com/modules/foo/foo.info.yml
Dries's avatar
Dries committed
552 553 554 555
 *
 * Calling drupal_get_filename('module', 'foo') will give you one of
 * the above, depending on where the module is located.
 *
Dries's avatar
Dries committed
556
 * @param $type
557 558
 *   The type of the item; one of 'core', 'profile', 'module', 'theme', or
 *   'theme_engine'.
Dries's avatar
Dries committed
559
 * @param $name
560 561
 *   The name of the item for which the filename is requested. Ignored for
 *   $type 'core'.
Dries's avatar
Dries committed
562 563 564 565 566
 * @param $filename
 *   The filename of the item if it is to be set explicitly rather
 *   than by consulting the database.
 *
 * @return
567
 *   The filename of the requested item or NULL if the item is not found.
Dries's avatar
Dries committed
568
 */
Dries's avatar
Dries committed
569
function drupal_get_filename($type, $name, $filename = NULL) {
570 571
  // The location of files will not change during the request, so do not use
  // drupal_static().
572
  static $files = array();
Dries's avatar
Dries committed
573

574 575 576 577 578 579 580 581
  // Type 'core' only exists to simplify application-level logic; it always maps
  // to the /core directory, whereas $name is ignored. It is only requested via
  // drupal_get_path(). /core/core.info.yml does not exist, but is required
  // since drupal_get_path() returns the dirname() of the returned pathname.
  if ($type === 'core') {
    return 'core/core.info.yml';
  }

582 583 584
  // Profiles are converted into modules in system_rebuild_module_data().
  // @todo Remove false-exposure of profiles as modules.
  $original_type = $type;
585
  if ($type == 'profile') {
586
    $type = 'module';
587
  }
588
  if (!isset($files[$type])) {
Dries's avatar
Dries committed
589 590 591
    $files[$type] = array();
  }

592
  if (isset($filename)) {
Dries's avatar
Dries committed
593 594
    $files[$type][$name] = $filename;
  }
595 596 597 598 599 600
  elseif (!isset($files[$type][$name])) {
    // If the pathname of the requested extension is not known, try to retrieve
    // the list of extension pathnames from various providers, checking faster
    // providers first.
    // Retrieve the current module list (derived from the service container).
    if ($type == 'module' && \Drupal::hasService('module_handler')) {
601 602 603
      foreach (\Drupal::moduleHandler()->getModuleList() as $module_name => $module) {
        $files[$type][$module_name] = $module->getPathname();
      }
604 605 606 607 608
    }
    // If still unknown, retrieve the file list prepared in state by
    // system_rebuild_module_data() and system_rebuild_theme_data().
    if (!isset($files[$type][$name]) && \Drupal::hasService('state')) {
      $files[$type] += \Drupal::state()->get('system.' . $type . '.files', array());
609
    }
610
    // If still unknown, perform a filesystem scan.
611
    if (!isset($files[$type][$name])) {
612 613 614 615
      $listing = new ExtensionDiscovery();
      // Prevent an infinite recursion by this legacy function.
      if ($original_type == 'profile') {
        $listing->setProfileDirectories(array());
616
      }
617
      foreach ($listing->scan($original_type) as $extension_name => $file) {
618
        $files[$type][$extension_name] = $file->getPathname();
Dries's avatar
Dries committed
619 620 621 622
      }
    }
  }

623 624 625
  if (isset($files[$type][$name])) {
    return $files[$type][$name];
  }
Dries's avatar
Dries committed
626 627
}

628 629 630 631 632 633 634 635 636 637 638 639
/**
 * Gets the page cache cid for this request.
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The request for this page.
 *
 * @return string
 *   The cid for this request.
 */
function drupal_page_cache_get_cid(Request $request) {
  $cid_parts = array(
    $request->getUri(),
640
    \Drupal::service('content_negotiation')->getContentType($request),
641 642 643 644
  );
  return sha1(implode(':', $cid_parts));
}

Dries's avatar
 
Dries committed
645
/**
646
 * Retrieves the current page from the cache.
Dries's avatar
 
Dries committed
647
 *
648 649
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The request for this page.
650
 *
651 652
 * @return \Symfony\Component\HttpFoundation\Response
 *   The response, if the page was found in the cache, NULL otherwise.
Dries's avatar
 
Dries committed
653
 */
654
function drupal_page_get_cache(Request $request) {
655 656 657
  $cache = \Drupal::cache('render')->get(drupal_page_cache_get_cid($request));
  if ($cache) {
    return $cache->data;
658
  }
659 660 661
}

/**
662
 * Determines the cacheability of the current page.
663
 *
664 665 666 667 668
 * Note: we do not serve cached pages to authenticated users, or to anonymous
 * users when $_SESSION is non-empty. $_SESSION may contain status messages
 * from a form submission, the contents of a shopping cart, or other user-
 * specific content that should not be cached and displayed to other users.
 *
669
 * @param $allow_caching
670 671
 *   Set to FALSE if you want to prevent this page to get cached.
 *
672
 * @return
673
 *   TRUE if the current page can be cached, FALSE otherwise.
674 675 676 677 678
 */
function drupal_page_is_cacheable($allow_caching = NULL) {
  $allow_caching_static = &drupal_static(__FUNCTION__, TRUE);
  if (isset($allow_caching)) {
    $allow_caching_static = $allow_caching;
Dries's avatar
 
Dries committed
679
  }
680 681

  return $allow_caching_static && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD')
682
    && !drupal_is_cli();
Dries's avatar
 
Dries committed
683 684
}

685
/**
686
 * Sets an HTTP response header for the current page.
687 688 689 690 691
 *
 * Note: When sending a Content-Type header, always include a 'charset' type,
 * too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
 *
 * @param $name
692
 *   The HTTP header name, or the special 'Status' header name.
693
 * @param $value
694 695 696
 *   The HTTP header value; if equal to FALSE, the specified header is unset.
 *   If $name is 'Status', this is expected to be a status code followed by a
 *   reason phrase, e.g. "404 Not Found".
697 698
 * @param $append
 *   Whether to append the value to an existing header or to replace it.
699
 *
700 701 702
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Symfony\Component\HttpFoundation\Response->headers->set().
 *   See https://drupal.org/node/2181523.
703
 */
704
function drupal_add_http_header($name, $value, $append = FALSE) {
705
  // The headers as name/value pairs.
706
  $headers = &drupal_static('drupal_http_headers', array());
707

708
  $name_lower = strtolower($name);
709
  _drupal_set_preferred_header_name($name);
710

711
  if ($value === FALSE) {
712
    $headers[$name_lower] = FALSE;
713
  }
714
  elseif (isset($headers[$name_lower]) && $append) {
715 716
    // Multiple headers with identical names may be combined using comma (RFC
    // 2616, section 4.2).
717
    $headers[$name_lower] .= ',' . $value;
718 719
  }
  else {
720
    $headers[$name_lower] = $value;
721 722 723 724
  }
}

/**
725
 * Gets the HTTP response headers for the current page.
726 727 728 729
 *
 * @param $name
 *   An HTTP header name. If omitted, all headers are returned as name/value
 *   pairs. If an array value is FALSE, the header has been unset.
730
 *
731 732 733
 * @return
 *   A string containing the header value, or FALSE if the header has been set,
 *   or NULL if the header has not been set.
734
 *
735 736 737
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Symfony\Component\HttpFoundation\Response->headers->get().
 *   See https://drupal.org/node/2181523.
738
 */
739
function drupal_get_http_header($name = NULL) {
740
  $headers = &drupal_static('drupal_http_headers', array());
741 742 743 744 745 746 747 748 749 750
  if (isset($name)) {
    $name = strtolower($name);
    return isset($headers[$name]) ? $headers[$name] : NULL;
  }
  else {
    return $headers;
  }
}

/**
751 752
 * Sets the preferred name for the HTTP header.
 *
753
 * Header names are case-insensitive, but for maximum compatibility they should
754 755
 * follow "common form" (see RFC 2616, section 4.2).
 *
756 757
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   See https://drupal.org/node/2181523.
758 759 760 761 762 763 764 765 766 767 768
 */
function _drupal_set_preferred_header_name($name = NULL) {
  static $header_names = array();

  if (!isset($name)) {
    return $header_names;
  }
  $header_names[strtolower($name)] = $name;
}

/**
769 770 771 772
 * Sends the HTTP response headers that were previously set, adding defaults.
 *
 * Headers are set in drupal_add_http_header(). Default headers are not set
 * if they have been replaced or unset using drupal_add_http_header().
773
 *
774 775 776 777 778
 * @param array $default_headers
 *   (optional) An array of headers as name/value pairs.
 * @param bool $only_default
 *   (optional) If TRUE and headers have already been sent, send only the
 *   specified headers.
779
 *
780 781
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   See https://drupal.org/node/2181523.
782 783 784
 */
function drupal_send_headers($default_headers = array(), $only_default = FALSE) {
  $headers_sent = &drupal_static(__FUNCTION__, FALSE);
785
  $headers = drupal_get_http_header();
786 787 788 789 790 791 792 793 794 795 796 797 798 799
  if ($only_default && $headers_sent) {
    $headers = array();
  }
  $headers_sent = TRUE;

  $header_names = _drupal_set_preferred_header_name();
  foreach ($default_headers as $name => $value) {
    $name_lower = strtolower($name);
    if (!isset($headers[$name_lower])) {
      $headers[$name_lower] = $value;
      $header_names[$name_lower] = $name;
    }
  }
  foreach ($headers as $name_lower => $value) {
800
    if ($name_lower == 'status') {
801 802 803
      header($_SERVER['SERVER_PROTOCOL'] . ' ' . $value);
    }
    // Skip headers that have been unset.
804
    elseif ($value !== FALSE) {
805 806 807 808 809
      header($header_names[$name_lower] . ': ' . $value);
    }
  }
}

Dries's avatar
 
Dries committed
810
/**
811
 * Sets HTTP headers in preparation for a page response.
812
 *
813 814 815 816
 * Authenticated users are always given a 'no-cache' header, and will fetch a
 * fresh page on every request. This prevents authenticated users from seeing
 * locally cached pages.
 *
817
 * Also give each page a unique ETag. This should force clients to include both
818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833
 * an If-Modified-Since header and an If-None-Match header when doing
 * conditional requests for the page (required by RFC 2616, section 13.3.4),
 * making the validation more robust. This is a workaround for a bug in Mozilla
 * Firefox that is triggered when Drupal's caching is enabled and the user
 * accesses Drupal via an HTTP proxy (see
 * https://bugzilla.mozilla.org/show_bug.cgi?id=269303): When an authenticated
 * user requests a page, and then logs out and requests the same page again,
 * Firefox may send a conditional request based on the page that was cached
 * locally when the user was logged in. If this page did not have an ETag
 * header, the request only contains an If-Modified-Since header. The date will
 * be recent, because with authenticated users the Last-Modified header always
 * refers to the time of the request. If the user accesses Drupal via a proxy
 * server, and the proxy already has a cached copy of the anonymous page with an
 * older Last-Modified date, the proxy may respond with 304 Not Modified, making
 * the client think that the anonymous and authenticated pageviews are
 * identical.
834
 *
835
 * @see drupal_page_set_cache()
836
 *
837 838
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   See https://drupal.org/node/2181523.
Dries's avatar
 
Dries committed
839
 */
Dries's avatar
 
Dries committed
840
function drupal_page_header() {
841 842 843 844 845 846 847 848 849 850 851 852 853
  $headers_sent = &drupal_static(__FUNCTION__, FALSE);
  if ($headers_sent) {
    return TRUE;
  }
  $headers_sent = TRUE;

  $default_headers = array(
    'Expires' => 'Sun, 19 Nov 1978 05:00:00 GMT',
    'Last-Modified' => gmdate(DATE_RFC1123, REQUEST_TIME),
    'Cache-Control' => 'no-cache, must-revalidate, post-check=0, pre-check=0',
    'ETag' => '"' . REQUEST_TIME . '"',
  );
  drupal_send_headers($default_headers);
854
}
Dries's avatar
 
Dries committed
855

856
/**
857
 * Sets HTTP headers in preparation for a cached page response.
858
 *
859 860
 * The headers allow as much as possible in proxies and browsers without any
 * particular knowledge about the pages. Modules can override these headers
861
 * using drupal_add_http_header().
862
 *
863 864 865 866
 * If the request is conditional (using If-Modified-Since and If-None-Match),
 * and the conditions match those currently in the cache, a 304 Not Modified
 * response is sent.
 */
867 868 869 870 871 872 873 874 875 876 877
function drupal_serve_page_from_cache(Response $response, Request $request) {
  // Only allow caching in the browser and prevent that the response is stored
  // by an external proxy server when the following conditions apply:
  // 1. There is a session cookie on the request.
  // 2. The Vary: Cookie header is on the response.
  // 3. The Cache-Control header does not contain the no-cache directive.
  if ($request->cookies->has(session_name()) &&
    in_array('Cookie', $response->getVary()) &&
    !$response->headers->hasCacheControlDirective('no-cache')) {

    $response->setPrivate();
878 879
  }

880 881 882 883
  // Negotiate whether to use compression.
  if ($response->headers->get('Content-Encoding') == 'gzip' && extension_loaded('zlib')) {
    if (strpos($request->headers->get('Accept-Encoding'), 'gzip') !== FALSE) {
      // The response content is already gzip'ed, so make sure
884
      // zlib.output_compression does not compress it once more.
885
      ini_set('zlib.output_compression', '0');
886 887
    }
    else {
888 889 890 891 892 893
      // The client does not support compression. Decompress the content and
      // remove the Content-Encoding header.
      $content = $response->getContent();
      $content = gzinflate(substr(substr($content, 10), 0, -8));
      $response->setContent($content);
      $response->headers->remove('Content-Encoding');
894
    }
895 896
  }

897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919
  // Perform HTTP revalidation.
  // @todo Use Response::isNotModified() as per https://drupal.org/node/2259489
  $last_modified = $response->getLastModified();
  if ($last_modified) {
    // See if the client has provided the required HTTP headers.
    $if_modified_since = $request->server->has('HTTP_IF_MODIFIED_SINCE') ? strtotime($request->server->get('HTTP_IF_MODIFIED_SINCE')) : FALSE;
    $if_none_match = $request->server->has('HTTP_IF_NONE_MATCH') ? stripslashes($request->server->get('HTTP_IF_NONE_MATCH')) : FALSE;

    if ($if_modified_since && $if_none_match
      && $if_none_match == $response->getEtag() // etag must match
      && $if_modified_since == $last_modified->getTimestamp()) {  // if-modified-since must match
      $response->setStatusCode(304);
      $response->setContent(NULL);

      // In the case of a 304 response, certain headers must be sent, and the
      // remaining may not (see RFC 2616, section 10.3.5).
      foreach (array_keys($response->headers->all()) as $name) {
        if (!in_array($name, array('content-location', 'expires', 'cache-control', 'vary'))) {
          $response->headers->remove($name);
        }
      }
    }
  }
Dries's avatar
 
Dries committed
920 921
}

922
/**
923
 * Translates a string to the current language or to a given language.
924
 *
925 926 927
 * The t() function serves two purposes. First, at run-time it translates
 * user-visible text into the appropriate language. Second, various mechanisms
 * that figure out what text needs to be translated work off t() -- the text
928 929 930 931 932
 * inside t() calls is added to the database of strings to be translated.
 * These strings are expected to be in English, so the first argument should
 * always be in English. To enable a fully-translatable site, it is important
 * that all human-readable text that will be displayed on the site or sent to
 * a user is passed through the t() function, or a related function. See the
933 934 935 936
 * @link http://drupal.org/node/322729 Localization API @endlink pages for
 * more information, including recommendations on how to break up or not
 * break up strings for translation.
 *
937
 * @section sec_translating_vars Translating Variables
938 939 940 941 942 943 944 945 946
 * You should never use t() to translate variables, such as calling
 * @code t($text); @endcode, unless the text that the variable holds has been
 * passed through t() elsewhere (e.g., $text is one of several translated
 * literal strings in an array). It is especially important never to call
 * @code t($user_text); @endcode, where $user_text is some text that a user
 * entered - doing that can lead to cross-site scripting and other security
 * problems. However, you can use variable substitution in your string, to put
 * variable text such as user names or link URLs into translated text. Variable
 * substitution looks like this:
947
 * @code
948
 * $text = t("@name's blog", array('@name' => user_format_name($account)));
949
 * @endcode
950
 * Basically, you can put variables like @name into your string, and t() will
951 952
 * substitute their sanitized values at translation time. (See the
 * Localization API pages referenced above and the documentation of
953 954 955
 * format_string() for details about how to define variables in your string.)
 * Translators can then rearrange the string as necessary for the language
 * (e.g., in Spanish, it might be "blog de @name").
956 957 958 959
 *
 * @param $string
 *   A string containing the English string to translate.
 * @param $args
960 961 962
 *   An associative array of replacements to make after translation. Based
 *   on the first character of the key, the value is escaped and/or themed.
 *   See format_string() for details.
963
 * @param $options
964 965 966 967 968
 *   An associative array of additional options, with the following elements:
 *   - 'langcode' (defaults to the current language): The language code to
 *     translate to a language other than what is used to display the page.
 *   - 'context' (defaults to the empty context): The context the source string
 *     belongs to.
969
 *
970 971
 * @return
 *   The translated string.
972
 *
973
 * @see format_string()
974
 * @ingroup sanitization
975 976
 */
function t($string, array $args = array(), array $options = array()) {
977
  return \Drupal::translation()->translate($string, $args, $options);
978 979 980
}

/**
981 982
 * Formats a string for HTML display by replacing variable placeholders.
 *
983
 * @see \Drupal\Component\Utility\String::format()
984 985 986 987
 * @see t()
 * @ingroup sanitization
 */
function format_string($string, array $args = array()) {
988
  return String::format($string, $args);
989 990
}

Dries's avatar
Dries committed
991
/**
992
 * Encodes special characters in a plain-text string for display as HTML.
Gábor Hojtsy's avatar
Gábor Hojtsy committed
993
 *
994
 * @see drupal_validate_utf8()
995
 * @ingroup sanitization
996
 *
997 998
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Component\Utility\String::checkPlain().
Dries's avatar
Dries committed
999 1000
 */
function check_plain($text) {
1001
  return String::checkPlain($text);
Gábor Hojtsy's avatar
Gábor Hojtsy committed
1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018
}

/**
 * Checks whether a string is valid UTF-8.
 *
 * All functions designed to filter input should use drupal_validate_utf8
 * to ensure they operate on valid UTF-8 strings to prevent bypass of the
 * filter.
 *
 * When text containing an invalid UTF-8 lead byte (0xC0 - 0xFF) is presented
 * as UTF-8 to Internet Explorer 6, the program may misinterpret subsequent
 * bytes. When these subsequent bytes are HTML control characters such as
 * quotes or angle brackets, parts of the text that were deemed safe by filters
 * end up in locations that are potentially unsafe; An onerror attribute that
 * is outside of a tag, and thus deemed safe by a filter, can be interpreted
 * by the browser as if it were inside the tag.
 *
1019 1020
 * The function does not return FALSE for strings containing character codes
 * above U+10FFFF, even though these are prohibited by RFC 3629.
Gábor Hojtsy's avatar
Gábor Hojtsy committed
1021 1022 1023
 *
 * @param $text
 *   The text to check.
1024
 *
Gábor Hojtsy's avatar
Gábor Hojtsy committed
1025 1026
 * @return
 *   TRUE if the text is valid UTF-8, FALSE if not.
1027 1028
 *
 * @see \Drupal\Component\Utility\Unicode::validateUtf8()
Gábor Hojtsy's avatar
Gábor Hojtsy committed
1029 1030
 */
function drupal_validate_utf8($text) {
1031
  return Unicode::validateUtf8($text);
Dries's avatar
Dries committed
1032 1033
}

Dries's avatar
 
Dries committed
1034
/**
1035 1036 1037 1038
 * Returns the equivalent of Apache's $_SERVER['REQUEST_URI'] variable.
 *
 * Because $_SERVER['REQUEST_URI'] is only available on Apache, we generate an
 * equivalent using other environment variables.
1039 1040
 *
 * @todo The above comment is incorrect: http://drupal.org/node/1547294.
Dries's avatar
 
Dries committed
1041
 */
1042
function request_uri($omit_query_string = FALSE) {
1043 1044 1045 1046
  if (isset($_SERVER['REQUEST_URI'])) {
    $uri = $_SERVER['REQUEST_URI'];
  }
  else {
1047
    if (isset($_SERVER['argv'][0])) {
1048
      $uri = $_SERVER