DrupalKernel.php 43.5 KB
Newer Older
1
2
3
4
5
6
7
8
9
<?php

/**
 * @file
 * Definition of Drupal\Core\DrupalKernel.
 */

namespace Drupal\Core;

10
use Drupal\Component\ProxyBuilder\ProxyDumper;
11
12
13
14
use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\Timer;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\UrlHelper;
15
use Drupal\Core\Config\BootstrapConfigStorageFactory;
16
use Drupal\Core\Config\NullStorage;
17
use Drupal\Core\Database\Database;
18
use Drupal\Core\DependencyInjection\ContainerBuilder;
19
use Drupal\Core\DependencyInjection\ServiceProviderInterface;
20
use Drupal\Core\DependencyInjection\YamlFileLoader;
21
use Drupal\Core\Extension\ExtensionDiscovery;
22
use Drupal\Core\File\MimeType\MimeTypeGuesser;
23
use Drupal\Core\Http\TrustedHostsRequestFactory;
24
use Drupal\Core\Language\Language;
25
use Drupal\Core\PageCache\RequestPolicyInterface;
26
use Drupal\Core\PhpStorage\PhpStorageFactory;
27
use Drupal\Core\ProxyBuilder\ProxyBuilder;
28
use Drupal\Core\Site\Settings;
29
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
30
use Symfony\Component\DependencyInjection\ContainerInterface;
31
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBag;
32
use Symfony\Component\DependencyInjection\Dumper\PhpDumper;
33
use Symfony\Component\HttpFoundation\RedirectResponse;
34
use Symfony\Component\HttpFoundation\Request;
35
use Symfony\Component\HttpFoundation\RequestStack;
36
use Symfony\Component\HttpFoundation\Response;
37
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
38
use Symfony\Component\HttpKernel\TerminableInterface;
39
use Composer\Autoload\ClassLoader;
40
use Symfony\Component\Routing\Route;
41
42
43

/**
 * The DrupalKernel class is the core of Drupal itself.
44
45
 *
 * This class is responsible for building the Dependency Injection Container and
46
47
48
49
50
51
52
53
 * also deals with the registration of service providers. It allows registered
 * service providers to add their services to the container. Core provides the
 * CoreServiceProvider, which, in addition to registering any core services that
 * cannot be registered in the core.services.yaml file, adds any compiler passes
 * needed by core, e.g. for processing tagged services. Each module can add its
 * own service provider, i.e. a class implementing
 * Drupal\Core\DependencyInjection\ServiceProvider, to register services to the
 * container, or modify existing services.
54
 */
55
56
class DrupalKernel implements DrupalKernelInterface, TerminableInterface {

57
  const CONTAINER_BASE_CLASS = '\Drupal\Core\DependencyInjection\Container';
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

  /**
   * Holds the container instance.
   *
   * @var \Symfony\Component\DependencyInjection\ContainerInterface
   */
  protected $container;

  /**
   * The environment, e.g. 'testing', 'install'.
   *
   * @var string
   */
  protected $environment;

  /**
   * Whether the kernel has been booted.
   *
   * @var bool
   */
78
  protected $booted = FALSE;
79

80
81
82
83
84
85
86
  /**
   * Whether essential services have been set up properly by preHandle().
   *
   * @var bool
   */
  protected $prepared = FALSE;

87
88
89
90
  /**
   * Holds the list of enabled modules.
   *
   * @var array
91
92
   *   An associative array whose keys are module names and whose values are
   *   ignored.
93
94
95
   */
  protected $moduleList;

96
  /**
97
   * List of available modules and installation profiles.
98
   *
99
   * @var \Drupal\Core\Extension\Extension[]
100
   */
101
  protected $moduleData = array();
102
103
104
105
106
107
108
109

  /**
   * PHP code storage object to use for the compiled container.
   *
   * @var \Drupal\Component\PhpStorage\PhpStorageInterface
   */
  protected $storage;

110
111
112
  /**
   * The classloader object.
   *
113
   * @var \Composer\Autoload\ClassLoader
114
115
116
   */
  protected $classLoader;

117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
  /**
   * Config storage object used for reading enabled modules configuration.
   *
   * @var \Drupal\Core\Config\StorageInterface
   */
  protected $configStorage;

  /**
   * Whether the container can be dumped.
   *
   * @var bool
   */
  protected $allowDumping;

  /**
   * Whether the container needs to be dumped once booting is complete.
   *
   * @var bool
   */
  protected $containerNeedsDumping;

138
  /**
139
140
141
142
143
144
   * List of discovered services.yml pathnames.
   *
   * This is a nested array whose top-level keys are 'app' and 'site', denoting
   * the origin of a service provider. Site-specific providers have to be
   * collected separately, because they need to be processed last, so as to be
   * able to override services from application service providers.
145
146
147
148
149
   *
   * @var array
   */
  protected $serviceYamls;

150
  /**
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
   * List of discovered service provider class names.
   *
   * This is a nested array whose top-level keys are 'app' and 'site', denoting
   * the origin of a service provider. Site-specific providers have to be
   * collected separately, because they need to be processed last, so as to be
   * able to override services from application service providers.
   *
   * @var array
   */
  protected $serviceProviderClasses;

  /**
   * List of instantiated service provider classes.
   *
   * @see \Drupal\Core\DrupalKernel::$serviceProviderClasses
166
167
168
169
170
   *
   * @var array
   */
  protected $serviceProviders;

171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
  /**
   * Whether the PHP environment has been initialized.
   *
   * This legacy phase can only be booted once because it sets session INI
   * settings. If a session has already been started, re-generating these
   * settings would break the session.
   *
   * @var bool
   */
  protected static $isEnvironmentInitialized = FALSE;

  /**
   * The site directory.
   *
   * @var string
   */
  protected $sitePath;

189
190
191
192
193
194
195
  /**
   * The app root.
   *
   * @var string
   */
  protected $root;

196
197
198
199
  /**
   * Create a DrupalKernel object from a request.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
200
201
202
203
204
   *   The request.
   * @param $class_loader
   *   The class loader. Normally Composer's ClassLoader, as included by the
   *   front controller, but may also be decorated; e.g.,
   *   \Symfony\Component\ClassLoader\ApcClassLoader.
205
206
207
208
209
   * @param string $environment
   *   String indicating the environment, e.g. 'prod' or 'dev'.
   * @param bool $allow_dumping
   *   (optional) FALSE to stop the container from being written to or read
   *   from disk. Defaults to TRUE.
210
   *
211
   * @return static
212
213
214
   *
   * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
   *   In case the host name in the request is not trusted.
215
   */
216
  public static function createFromRequest(Request $request, $class_loader, $environment, $allow_dumping = TRUE) {
217
    // Include our bootstrap file.
218
219
    $core_root = dirname(dirname(dirname(__DIR__)));
    require_once $core_root . '/includes/bootstrap.inc';
220
221
222
223
224
225
226

    $kernel = new static($environment, $class_loader, $allow_dumping);

    // Ensure sane php environment variables..
    static::bootEnvironment();

    // Get our most basic settings setup.
227
228
229
    $site_path = static::findSitePath($request);
    $kernel->setSitePath($site_path);
    Settings::initialize(dirname($core_root), $site_path, $class_loader);
230

231
232
    // Initialize our list of trusted HTTP Host headers to protect against
    // header attacks.
233
234
235
    $host_patterns = Settings::get('trusted_host_patterns', array());
    if (PHP_SAPI !== 'cli' && !empty($host_patterns)) {
      if (static::setupTrustedHosts($request, $host_patterns) === FALSE) {
236
237
238
239
        throw new BadRequestHttpException('The provided host name is not valid for this server.');
      }
    }

240
241
242
    // Redirect the user to the installation script if Drupal has not been
    // installed yet (i.e., if no $databases array has been defined in the
    // settings.php file) and we are not already installing.
243
    if (!Database::getConnectionInfo() && !drupal_installation_attempted() && PHP_SAPI !== 'cli') {
244
245
246
247
248
249
250
      $response = new RedirectResponse($request->getBasePath() . '/core/install.php');
      $response->prepare($request)->send();
    }

    return $kernel;
  }

251
252
253
254
  /**
   * Constructs a DrupalKernel object.
   *
   * @param string $environment
255
   *   String indicating the environment, e.g. 'prod' or 'dev'.
256
257
258
259
   * @param $class_loader
   *   The class loader. Normally \Composer\Autoload\ClassLoader, as included by
   *   the front controller, but may also be decorated; e.g.,
   *   \Symfony\Component\ClassLoader\ApcClassLoader.
260
261
262
   * @param bool $allow_dumping
   *   (optional) FALSE to stop the container from being written to or read
   *   from disk. Defaults to TRUE.
263
   */
264
  public function __construct($environment, $class_loader, $allow_dumping = TRUE) {
265
    $this->environment = $environment;
266
    $this->classLoader = $class_loader;
267
    $this->allowDumping = $allow_dumping;
268
    $this->root = dirname(dirname(substr(__DIR__, 0, -strlen(__NAMESPACE__))));
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
  }

  /**
   * Returns the appropriate site directory for a request.
   *
   * Once the kernel has been created DrupalKernelInterface::getSitePath() is
   * preferred since it gets the statically cached result of this method.
   *
   * Site directories contain all site specific code. This includes settings.php
   * for bootstrap level configuration, file configuration stores, public file
   * storage and site specific modules and themes.
   *
   * Finds a matching site directory file by stripping the website's hostname
   * from left to right and pathname from right to left. By default, the
   * directory must contain a 'settings.php' file for it to match. If the
   * parameter $require_settings is set to FALSE, then a directory without a
   * 'settings.php' file will match as well. The first configuration file found
   * will be used and the remaining ones will be ignored. If no configuration
   * file is found, returns a default value 'sites/default'. See
   * default.settings.php for examples on how the URL is converted to a
   * directory.
   *
   * If a file named sites.php is present in the sites directory, it will be
   * loaded prior to scanning for directories. That file can define aliases in
   * an associative array named $sites. The array is written in the format
   * '<port>.<domain>.<path>' => 'directory'. As an example, to create a
   * directory alias for http://www.drupal.org:8080/mysite/test whose
   * configuration file is in sites/example.com, the array should be defined as:
   * @code
   * $sites = array(
   *   '8080.www.drupal.org.mysite.test' => 'example.com',
   * );
   * @endcode
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The current request.
   * @param bool $require_settings
   *   Only directories with an existing settings.php file will be recognized.
   *   Defaults to TRUE. During initial installation, this is set to FALSE so
   *   that Drupal can detect a matching directory, then create a new
   *   settings.php file in it.
   *
   * @return string
   *   The path of the matching directory.
   *
314
315
316
   * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
   *   In case the host name in the request is invalid.
   *
317
318
319
320
321
322
   * @see \Drupal\Core\DrupalKernelInterface::getSitePath()
   * @see \Drupal\Core\DrupalKernelInterface::setSitePath()
   * @see default.settings.php
   * @see example.sites.php
   */
  public static function findSitePath(Request $request, $require_settings = TRUE) {
323
324
325
326
    if (static::validateHostname($request) === FALSE) {
      throw new BadRequestHttpException();
    }

327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
    // Check for a simpletest override.
    if ($test_prefix = drupal_valid_test_ua()) {
      return 'sites/simpletest/' . substr($test_prefix, 10);
    }

    // Determine whether multi-site functionality is enabled.
    if (!file_exists(DRUPAL_ROOT . '/sites/sites.php')) {
      return 'sites/default';
    }

    // Otherwise, use find the site path using the request.
    $script_name = $request->server->get('SCRIPT_NAME');
    if (!$script_name) {
      $script_name = $request->server->get('SCRIPT_FILENAME');
    }
342
    $http_host = $request->getHost();
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374

    $sites = array();
    include DRUPAL_ROOT . '/sites/sites.php';

    $uri = explode('/', $script_name);
    $server = explode('.', implode('.', array_reverse(explode(':', rtrim($http_host, '.')))));
    for ($i = count($uri) - 1; $i > 0; $i--) {
      for ($j = count($server); $j > 0; $j--) {
        $dir = implode('.', array_slice($server, -$j)) . implode('.', array_slice($uri, 0, $i));
        if (isset($sites[$dir]) && file_exists(DRUPAL_ROOT . '/sites/' . $sites[$dir])) {
          $dir = $sites[$dir];
        }
        if (file_exists(DRUPAL_ROOT . '/sites/' . $dir . '/settings.php') || (!$require_settings && file_exists(DRUPAL_ROOT . '/sites/' . $dir))) {
          return "sites/$dir";
        }
      }
    }
    return 'sites/default';
  }

  /**
   * {@inheritdoc}
   */
  public function setSitePath($path) {
    $this->sitePath = $path;
  }

  /**
   * {@inheritdoc}
   */
  public function getSitePath() {
    return $this->sitePath;
375
376
  }

377
378
379
380
381
382
383
  /**
   * {@inheritdoc}
   */
  public function getAppRoot() {
    return $this->root;
  }

384
  /**
385
   * {@inheritdoc}
386
387
388
   */
  public function boot() {
    if ($this->booted) {
389
390
391
392
393
394
395
396
397
      return $this;
    }

    // Start a page timer:
    Timer::start('page');

    // Ensure that findSitePath is set.
    if (!$this->sitePath) {
      throw new \Exception('Kernel does not have site path set before calling boot()');
398
    }
399
    // Initialize the container.
400
    $this->initializeContainer();
401
402
403
404
405
406

    // Ensure mt_rand() is reseeded to prevent random values from one page load
    // being exploited to predict random values in subsequent page loads.
    $seed = unpack("L", Crypt::randomBytes(4));
    mt_srand($seed[1]);

407
    $this->booted = TRUE;
408
409

    return $this;
410
411
  }

412
  /**
413
   * {@inheritdoc}
414
   */
415
416
417
418
  public function shutdown() {
    if (FALSE === $this->booted) {
      return;
    }
419
    $this->container->get('stream_wrapper_manager')->unregister();
420
    $this->booted = FALSE;
421
    $this->container = NULL;
422
423
    $this->moduleList = NULL;
    $this->moduleData = array();
424
425
426
427
428
429
430
431
432
  }

  /**
   * {@inheritdoc}
   */
  public function getContainer() {
    return $this->container;
  }

433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
  /**
   * {@inheritdoc}
   */
  public function loadLegacyIncludes() {
    require_once $this->root . '/core/includes/common.inc';
    require_once $this->root . '/core/includes/database.inc';
    require_once $this->root . '/core/includes/module.inc';
    require_once $this->root . '/core/includes/theme.inc';
    require_once $this->root . '/core/includes/pager.inc';
    require_once $this->root . '/core/includes/menu.inc';
    require_once $this->root . '/core/includes/tablesort.inc';
    require_once $this->root . '/core/includes/file.inc';
    require_once $this->root . '/core/includes/unicode.inc';
    require_once $this->root . '/core/includes/form.inc';
    require_once $this->root . '/core/includes/errors.inc';
    require_once $this->root . '/core/includes/schema.inc';
    require_once $this->root . '/core/includes/entity.inc';
  }

452
  /**
453
   * {@inheritdoc}
454
   */
455
  public function preHandle(Request $request) {
456
457
458

    $this->loadLegacyIncludes();

459
460
461
    // Load all enabled modules.
    $this->container->get('module_handler')->loadAll();

462
463
464
    // Register stream wrappers.
    $this->container->get('stream_wrapper_manager')->register();

465
466
467
    // Initialize legacy request globals.
    $this->initializeRequestGlobals($request);

468
469
    // Put the request on the stack.
    $this->container->get('request_stack')->push($request);
470
471
472
473
474
475
476
477
478
479
480

    // Set the allowed protocols once we have the config available.
    $allowed_protocols = $this->container->get('config.factory')->get('system.filter')->get('protocols');
    if (!isset($allowed_protocols)) {
      // \Drupal\Component\Utility\UrlHelper::filterBadProtocol() is called by
      // the installer and update.php, in which case the configuration may not
      // exist (yet). Provide a minimal default set of allowed protocols for
      // these cases.
      $allowed_protocols = array('http', 'https');
    }
    UrlHelper::setAllowedProtocols($allowed_protocols);
481
482
483

    // Override of Symfony's mime type guesser singleton.
    MimeTypeGuesser::registerWithSymfonyGuesser($this->container);
484

485
    $this->prepared = TRUE;
486
487
  }

488
489
490
491
  /**
   * {@inheritdoc}
   */
  public function discoverServiceProviders() {
492
    $this->serviceYamls = array(
493
494
      'app' => array(),
      'site' => array(),
495
    );
496
497
498
499
500
501
    $this->serviceProviderClasses = array(
      'app' => array(),
      'site' => array(),
    );
    $this->serviceYamls['app']['core'] = 'core/core.services.yml';
    $this->serviceProviderClasses['app']['core'] = 'Drupal\Core\CoreServiceProvider';
502

503
    // Retrieve enabled modules and register their namespaces.
504
    if (!isset($this->moduleList)) {
505
506
      $extensions = $this->getConfigStorage()->read('core.extension');
      $this->moduleList = isset($extensions['module']) ? $extensions['module'] : array();
507
    }
508
    $module_filenames = $this->getModuleFileNames();
509
    $this->classLoaderAddMultiplePsr4($this->getModuleNamespacesPsr4($module_filenames));
510

511
    // Load each module's serviceProvider class.
512
    foreach ($module_filenames as $module => $filename) {
katbailey's avatar
katbailey committed
513
      $camelized = ContainerBuilder::camelize($module);
514
515
      $name = "{$camelized}ServiceProvider";
      $class = "Drupal\\{$module}\\{$name}";
516
      if (class_exists($class)) {
517
        $this->serviceProviderClasses['app'][$module] = $class;
518
      }
519
      $filename = dirname($filename) . "/$module.services.yml";
520
      if (file_exists($filename)) {
521
        $this->serviceYamls['app'][$module] = $filename;
522
      }
523
    }
524

525
    // Add site-specific service providers.
526
    if (!empty($GLOBALS['conf']['container_service_providers'])) {
527
528
529
530
      foreach ($GLOBALS['conf']['container_service_providers'] as $class) {
        if (class_exists($class)) {
          $this->serviceProviderClasses['site'][] = $class;
        }
531
532
      }
    }
533
534
    if (!$this->addServiceFiles(Settings::get('container_yamls'))) {
      throw new \Exception('The container_yamls setting is missing from settings.php');
535
    }
536
537
538
539
540
  }

  /**
   * {@inheritdoc}
   */
541
542
  public function getServiceProviders($origin) {
    return $this->serviceProviders[$origin];
543
544
545
546
547
548
  }

  /**
   * {@inheritdoc}
   */
  public function terminate(Request $request, Response $response) {
549
550
551
    // Only run terminate() when essential services have been set up properly
    // by preHandle() before.
    if (FALSE === $this->prepared) {
552
553
554
555
556
557
558
559
560
561
562
      return;
    }

    if ($this->getHttpKernel() instanceof TerminableInterface) {
      $this->getHttpKernel()->terminate($request, $response);
    }
  }

  /**
   * {@inheritdoc}
   */
563
564
  public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) {
    $this->boot();
565
    return $this->getHttpKernel()->handle($request, $type, $catch);
566
567
  }

568
569
570
571
572
573
  /**
   * {@inheritdoc}
   */
  public function prepareLegacyRequest(Request $request) {
    $this->boot();
    $this->preHandle($request);
574
575
576
577
578
    // Setup services which are normally initialized from within stack
    // middleware or during the request kernel event.
    if (PHP_SAPI !== 'cli') {
      $request->setSession($this->container->get('session'));
    }
579
580
    $request->attributes->set(RouteObjectInterface::ROUTE_OBJECT, new Route('<none>'));
    $request->attributes->set(RouteObjectInterface::ROUTE_NAME, '<none>');
581
582
583
584
585
    $this->container->get('request_stack')->push($request);
    $this->container->get('router.request_context')->fromRequest($request);
    return $this;
  }

586
587
588
589
590
591
  /**
   * Returns module data on the filesystem.
   *
   * @param $module
   *   The name of the module.
   *
592
593
   * @return \Drupal\Core\Extension\Extension|bool
   *   Returns an Extension object if the module is found, FALSE otherwise.
594
595
596
   */
  protected function moduleData($module) {
    if (!$this->moduleData) {
597
      // First, find profiles.
598
      $listing = new ExtensionDiscovery($this->root);
599
600
601
602
      $listing->setProfileDirectories(array());
      $all_profiles = $listing->scan('profile');
      $profiles = array_intersect_key($all_profiles, $this->moduleList);

603
604
      // If a module is within a profile directory but specifies another
      // profile for testing, it needs to be found in the parent profile.
605
      $settings = $this->getConfigStorage()->read('simpletest.settings');
606
607
      $parent_profile = !empty($settings['parent_profile']) ? $settings['parent_profile'] : NULL;
      if ($parent_profile && !isset($profiles[$parent_profile])) {
608
609
        // In case both profile directories contain the same extension, the
        // actual profile always has precedence.
610
        $profiles = array($parent_profile => $all_profiles[$parent_profile]) + $profiles;
611
      }
612
613
614
615
616
617

      $profile_directories = array_map(function ($profile) {
        return $profile->getPath();
      }, $profiles);
      $listing->setProfileDirectories($profile_directories);

618
      // Now find modules.
619
      $this->moduleData = $profiles + $listing->scan('module');
620
621
622
623
    }
    return isset($this->moduleData[$module]) ? $this->moduleData[$module] : FALSE;
  }

624
625
  /**
   * Implements Drupal\Core\DrupalKernelInterface::updateModules().
626
627
628
   *
   * @todo Remove obsolete $module_list parameter. Only $module_filenames is
   *   needed.
629
   */
630
  public function updateModules(array $module_list, array $module_filenames = array()) {
631
    $this->moduleList = $module_list;
632
633
    foreach ($module_filenames as $name => $extension) {
      $this->moduleData[$name] = $extension;
634
    }
635

636
637
    // If we haven't yet booted, we don't need to do anything: the new module
    // list will take effect when boot() is called. If we have already booted,
638
639
    // then rebuild the container in order to refresh the serviceProvider list
    // and container.
640
    if ($this->booted) {
641
      $this->initializeContainer(TRUE);
642
643
    }
  }
644

645
  /**
646
   * Returns the classname based on environment.
647
648
649
650
651
   *
   * @return string
   *   The class name.
   */
  protected function getClassName() {
652
    $parts = array('service_container', $this->environment);
653
654
655
    return implode('_', $parts);
  }

656
657
658
659
660
661
662
663
664
  /**
   * Returns the container class namespace based on the environment.
   *
   * @return string
   *   The class name.
   */
  protected function getClassNamespace() {
    return 'Drupal\\Core\\DependencyInjection\\Container\\' . $this->environment;
  }
665
666
667
668
669
670
671
672
673
674
675
676

  /**
   * Returns the kernel parameters.
   *
   * @return array An array of kernel parameters
   */
  protected function getKernelParameters() {
    return array(
      'kernel.environment' => $this->environment,
    );
  }

677
678
  /**
   * Initializes the service container.
679
680
681
682
   *
   * @param bool $rebuild
   *   Force a container rebuild.
   * @return \Symfony\Component\DependencyInjection\ContainerInterface
683
   */
684
  protected function initializeContainer($rebuild = FALSE) {
685
    $this->containerNeedsDumping = FALSE;
686
    $session_manager_started = FALSE;
687
    if (isset($this->container)) {
688
689
690
691
692
      // Save the id of the currently logged in user.
      if ($this->container->initialized('current_user')) {
        $current_user_id = $this->container->get('current_user')->id();
      }

693
694
695
696
      // If there is a session manager, close and save the session.
      if ($this->container->initialized('session_manager')) {
        $session_manager = $this->container->get('session_manager');
        if ($session_manager->isStarted()) {
697
          $session_manager_started = TRUE;
698
          $session_manager->save();
699
700
701
        }
        unset($session_manager);
      }
702
    }
703

704
705
706
    // If the module list hasn't already been set in updateModules and we are
    // not forcing a rebuild, then try and load the container from the disk.
    if (empty($this->moduleList) && !$rebuild) {
707
      $fully_qualified_class_name = '\\' . $this->getClassNamespace() . '\\' . $this->getClassName();
708
709

      // First, try to load from storage.
710
711
      if (!class_exists($fully_qualified_class_name, FALSE)) {
        $this->storage()->load($this->getClassName() . '.php');
712
713
      }
      // If the load succeeded or the class already existed, use it.
714
      if (class_exists($fully_qualified_class_name, FALSE)) {
715
        $container = new $fully_qualified_class_name;
716
717
      }
    }
718
719
720
721
722

    if (!isset($container)) {
      $container = $this->compileContainer();
    }

723
    $this->attachSynthetic($container);
724
725

    $this->container = $container;
726
    if ($session_manager_started) {
727
728
      $this->container->get('session_manager')->start();
    }
729
730
731
732
733
734
735
736
737
738

    // The request stack is preserved across container rebuilds. Reinject the
    // new session into the master request if one was present before.
    if (($request_stack = $this->container->get('request_stack', ContainerInterface::NULL_ON_INVALID_REFERENCE))) {
      if ($request = $request_stack->getMasterRequest()) {
        if ($request->hasSession()) {
          $request->setSession($this->container->get('session'));
        }
      }
    }
739
740
741
742
743

    if (!empty($current_user_id)) {
      $this->container->get('current_user')->setInitialAccountId($current_user_id);
    }

744
    \Drupal::setContainer($this->container);
745
746
747
748
749
750

    // If needs dumping flag was set, dump the container.
    if ($this->containerNeedsDumping && !$this->dumpDrupalContainer($this->container, static::CONTAINER_BASE_CLASS)) {
      $this->container->get('logger.factory')->get('DrupalKernel')->notice('Container cannot be written to disk');
    }

751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
    return $this->container;
  }

  /**
   * Setup a consistent PHP environment.
   *
   * This method sets PHP environment options we want to be sure are set
   * correctly for security or just saneness.
   */
  public static function bootEnvironment() {
    if (static::$isEnvironmentInitialized) {
      return;
    }

    // Enforce E_STRICT, but allow users to set levels not part of E_STRICT.
    error_reporting(E_STRICT | E_ALL);

    // Override PHP settings required for Drupal to work properly.
    // sites/default/default.settings.php contains more runtime settings.
    // The .htaccess file contains settings that cannot be changed at runtime.

    // Use session cookies, not transparent sessions that puts the session id in
    // the query string.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Don't send HTTP headers using PHP's session handler.
    // Send an empty string to disable the cache limiter.
    ini_set('session.cache_limiter', '');
    // Use httponly session cookies.
    ini_set('session.cookie_httponly', '1');

    // Set sane locale settings, to ensure consistent string, dates, times and
    // numbers handling.
    setlocale(LC_ALL, 'C');

    // Detect string handling method.
    Unicode::check();

    // Indicate that code is operating in a test child site.
    if (!defined('DRUPAL_TEST_IN_CHILD_SITE')) {
      if ($test_prefix = drupal_valid_test_ua()) {
        // Only code that interfaces directly with tests should rely on this
        // constant; e.g., the error/exception handler conditionally adds further
        // error information into HTTP response headers that are consumed by
        // Simpletest's internal browser.
        define('DRUPAL_TEST_IN_CHILD_SITE', TRUE);

        // Log fatal errors to the test site directory.
        ini_set('log_errors', 1);
        ini_set('error_log', DRUPAL_ROOT . '/sites/simpletest/' . substr($test_prefix, 10) . '/error.log');
      }
      else {
        // Ensure that no other code defines this.
        define('DRUPAL_TEST_IN_CHILD_SITE', FALSE);
      }
    }

    // Set the Drupal custom error handler.
    set_error_handler('_drupal_error_handler');
    set_exception_handler('_drupal_exception_handler');

    static::$isEnvironmentInitialized = TRUE;
  }

  /**
   * Bootstraps the legacy global request variables.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The current request.
   *
   * @todo D8: Eliminate this entirely in favor of Request object.
   */
  protected function initializeRequestGlobals(Request $request) {
    // Provided by settings.php.
    global $base_url;
    // Set and derived from $base_url by this function.
828
    global $base_path, $base_root;
829
830
831
832
833
834
835
836
837
838
839
840
    global $base_secure_url, $base_insecure_url;

    // @todo Refactor with the Symfony Request object.
    if (isset($base_url)) {
      // Parse fixed base URL from settings.php.
      $parts = parse_url($base_url);
      if (!isset($parts['path'])) {
        $parts['path'] = '';
      }
      $base_path = $parts['path'] . '/';
      // Build $base_root (everything until first slash after "scheme://").
      $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path']));
841
    }
842
    else {
843
      // Create base URL.
844
      $base_root = $request->getSchemeAndHttpHost();
845
846
847
848
849
850

      $base_url = $base_root;

      // For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is
      // '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'.
      if ($dir = rtrim(dirname($request->server->get('SCRIPT_NAME')), '\/')) {
851
852
        // Remove "core" directory if present, allowing install.php,
        // authorize.php, and others to auto-detect a base path.
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
        $core_position = strrpos($dir, '/core');
        if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) {
          $base_path = substr($dir, 0, $core_position);
        }
        else {
          $base_path = $dir;
        }
        $base_url .= $base_path;
        $base_path .= '/';
      }
      else {
        $base_path = '/';
      }
    }
    $base_secure_url = str_replace('http://', 'https://', $base_url);
    $base_insecure_url = str_replace('https://', 'http://', $base_url);
  }
870

871
872
873
  /**
   * Returns service instances to persist from an old container to a new one.
   */
874
  protected function getServicesToPersist(ContainerInterface $container) {
875
    $persist = array();
876
877
878
879
    foreach ($container->getParameter('persistIds') as $id) {
      // It's pointless to persist services not yet initialized.
      if ($container->initialized($id)) {
        $persist[$id] = $container->get($id);
880
881
882
883
884
885
886
887
      }
    }
    return $persist;
  }

  /**
   * Moves persistent service instances into a new container.
   */
888
  protected function persistServices(ContainerInterface $container, array $persist) {
889
890
891
    foreach ($persist as $id => $object) {
      // Do not override services already set() on the new container, for
      // example 'service_container'.
892
893
      if (!$container->initialized($id)) {
        $container->set($id, $object);
894
895
896
897
      }
    }
  }

898
  /**
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
   * Force a container rebuild.
   *
   * @return \Symfony\Component\DependencyInjection\ContainerInterface
   */
  public function rebuildContainer() {
    // Empty module properties and for them to be reloaded from scratch.
    $this->moduleList = NULL;
    $this->moduleData = array();
    return $this->initializeContainer(TRUE);
  }

  /**
   * Attach synthetic values on to kernel.
   *
   * @param ContainerInterface $container
   *   Container object
915
   *
916
917
   * @return ContainerInterface
   */
918
  protected function attachSynthetic(ContainerInterface $container) {
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
    $persist = array();
    if (isset($this->container)) {
      $persist = $this->getServicesToPersist($this->container);
    }
    $this->persistServices($container, $persist);

    // All namespaces must be registered before we attempt to use any service
    // from the container.
    $this->classLoaderAddMultiplePsr4($container->getParameter('container.namespaces'));

    $container->set('kernel', $this);

    // Set the class loader which was registered as a synthetic service.
    $container->set('class_loader', $this->classLoader);
    return $container;
  }

  /**
   * Compiles a new service container.
938
939
940
   *
   * @return ContainerBuilder The compiled service container
   */
941
942
943
944
945
946
947
948
  protected function compileContainer() {
    // We are forcing a container build so it is reasonable to assume that the
    // calling method knows something about the system has changed requiring the
    // container to be dumped to the filesystem.
    if ($this->allowDumping) {
      $this->containerNeedsDumping = TRUE;
    }

949
    $this->initializeServiceProviders();
950
    $container = $this->getContainerBuilder();
951
    $container->set('kernel', $this);
952
    $container->setParameter('container.modules', $this->getModulesParameter());
953
954

    // Get a list of namespaces and put it onto the container.
955
    $namespaces = $this->getModuleNamespacesPsr4($this->getModuleFileNames());
956
957
958
959
960
    // Add all components in \Drupal\Core and \Drupal\Component that have one of
    // the following directories:
    // - Element
    // - Entity
    // - Plugin
961
    foreach (array('Core', 'Component') as $parent_directory) {
962
      $path = 'core/lib/Drupal/' . $parent_directory;
963
      $parent_namespace = 'Drupal\\' . $parent_directory;
964
      foreach (new \DirectoryIterator($this->root . '/' . $path) as $component) {
965
966
967
968
969
970
971
        /** @var $component \DirectoryIterator */
        $pathname = $component->getPathname();
        if (!$component->isDot() && $component->isDir() && (
          is_dir($pathname . '/Plugin') ||
          is_dir($pathname . '/Entity') ||
          is_dir($pathname . '/Element')
        )) {
972
          $namespaces[$parent_namespace . '\\' . $component->getFilename()] = $path . '/' . $component->getFilename();
973
974
975
        }
      }
    }
976
977
    $container->setParameter('container.namespaces', $namespaces);

978
979
980
981
982
983
    // Store the default language values on the container. This is so that the
    // default language can be configured using the configuration factory. This
    // avoids the circular dependencies that would created by
    // \Drupal\language\LanguageServiceProvider::alter() and allows the default
    // language to not be English in the installer.
    $default_language_values = Language::$defaultValues;
984
985
    if ($system = $this->getConfigStorage()->read('system.site')) {
      if ($default_language_values['id'] != $system['langcode']) {
986
        $default_language_values = array('id' => $system['langcode']);
987
      }
988
989
990
    }
    $container->setParameter('language.default_values', $default_language_values);

991
    // Register synthetic services.
992
    $container->register('class_loader')->setSynthetic(TRUE);
993
994
    $container->register('kernel', 'Symfony\Component\HttpKernel\KernelInterface')->setSynthetic(TRUE);
    $container->register('service_container', 'Symfony\Component\DependencyInjection\ContainerInterface')->setSynthetic(TRUE);
995
996

    // Register application services.
997
    $yaml_loader = new YamlFileLoader($container);
998
999
1000
1001
1002
1003
1004
1005
1006
1007
    foreach ($this->serviceYamls['app'] as $filename) {
      $yaml_loader->load($filename);
    }
    foreach ($this->serviceProviders['app'] as $provider) {
      if ($provider instanceof ServiceProviderInterface) {
        $provider->register($container);
      }
    }
    // Register site-specific service overrides.
    foreach ($this->serviceYamls['site'] as $filename) {
1008
1009
      $yaml_loader->load($filename);
    }
1010
    foreach ($this->serviceProviders['site'] as $provider) {
1011
1012
1013
      if ($provider instanceof ServiceProviderInterface) {
        $provider->register($container);
      }
1014
    }
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027

    // Identify all services whose instances should be persisted when rebuilding
    // the container during the lifetime of the kernel (e.g., during a kernel
    // reboot). Include synthetic services, because by definition, they cannot
    // be automatically reinstantiated. Also include services tagged to persist.
    $persist_ids = array();
    foreach ($container->getDefinitions() as $id => $definition) {
      if ($definition->isSynthetic() || $definition->getTag('persist')) {
        $persist_ids[] = $id;
      }
    }
    $container->setParameter('persistIds', $persist_ids);

1028
    $container->compile();
1029
1030
    return $container;
  }
1031

1032
1033
1034
1035
1036
1037
  /**
   * Registers all service providers to the kernel.
   *
   * @throws \LogicException
   */
  protected function initializeServiceProviders() {
1038
1039
1040
1041
1042
1043
1044
1045
    $this->discoverServiceProviders();
    $this->serviceProviders = array(
      'app' => array(),
      'site' => array(),
    );
    foreach ($this->serviceProviderClasses as $origin => $classes) {
      foreach ($classes as $name => $class) {
        $this->serviceProviders[$origin][$name] = new $class;
1046
1047
1048
1049
      }
    }
  }

1050
1051
1052
1053
1054
  /**
   * Gets a new ContainerBuilder instance used to build the service container.
   *
   * @return ContainerBuilder
   */
1055
  protected function getContainerBuilder() {
1056
1057
1058
    return new ContainerBuilder(new ParameterBag($this->getKernelParameters()));
  }

1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
  /**
   * Dumps the service container to PHP code in the config directory.
   *
   * This method is based on the dumpContainer method in the parent class, but
   * that method is reliant on the Config component which we do not use here.
   *
   * @param ContainerBuilder $container
   *   The service container.
   * @param string $baseClass
   *   The name of the container's base class
   *
   * @return bool
   *   TRUE if the container was successfully dumped to disk.
   */
  protected function dumpDrupalContainer(ContainerBuilder $container, $baseClass) {
1074
    if (!$this->storage()->writeable()) {
1075
1076
1077
1078
      return FALSE;
    }
    // Cache the container.
    $dumper = new PhpDumper($container);
1079
    $dumper->setProxyDumper(new ProxyDumper(new ProxyBuilder()));
1080
    $class = $this->getClassName();
1081
1082
1083
1084
1085
1086
    $namespace = $this->getClassNamespace();
    $content = $dumper->dump([
      'class' => $class,
      'base_class' => $baseClass,
      'namespace' => $namespace,
    ]);
1087
    return $this->storage()->save($class . '.php', $content);
1088
1089
  }

1090
1091
1092
1093

  /**
   * Gets a http kernel from the container
   *
1094
   * @return \Symfony\Component\HttpKernel\HttpKernelInterface
1095
1096
1097
1098
1099
   */
  protected function getHttpKernel() {
    return $this->container->get('http_kernel');
  }

1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
  /**
   * Gets the PHP code storage object to use for the compiled container.
   *
   * @return \Drupal\Component\PhpStorage\PhpStorageInterface
   */
  protected function storage() {
    if (!isset($this->storage)) {
      $this->storage = PhpStorageFactory::get('service_container');
    }
    return $this->storage;
  }

1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
  /**
   * Returns the active configuration storage to use during building the container.
   *
   * @return \Drupal\Core\Config\StorageInterface
   */
  protected function getConfigStorage() {
    if (!isset($this->configStorage)) {
      // The active configuration storage may not exist yet; e.g., in the early
      // installer. Catch the exception thrown by config_get_config_directory().
      try {
1122
        $this->configStorage = BootstrapConfigStorageFactory::get($this->classLoader);
1123
1124
1125
1126
1127
1128
1129
1130
      }
      catch (\Exception $e) {
        $this->configStorage = new NullStorage();
      }
    }
    return $this->configStorage;
  }

1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
  /**
   * Returns an array of Extension class parameters for all enabled modules.
   *
   * @return array
   */
  protected function getModulesParameter() {
    $extensions = array();
    foreach ($this->moduleList as $name => $weight) {
      if ($data = $this->moduleData($name)) {
        $extensions[$name] = array(
          'type' => $data->getType(),
          'pathname' => $data->getPathname(),
          'filename' => $data->getExtensionFilename(),
        );
      }
    }
    return $extensions;
  }

1150
  /**
1151
1152
1153
1154
1155
   * Gets the file name for each enabled module.
   *
   * @return array
   *   Array where each key is a module name, and each value is a path to the
   *   respective *.module or *.profile file.
1156
1157
1158
1159
1160
   */
  protected function getModuleFileNames() {
    $filenames = array();
    foreach ($this->moduleList as $module => $weight) {
      if ($data = $this->moduleData($module)) {
1161
        $filenames[$module] = $data->getPathname();
1162
1163
1164
1165
1166
      }
    }
    return $filenames;
  }

1167
1168
1169
  /**
   * Gets the PSR-4 base directories for module namespaces.
   *
1170
   * @param string[] $module_file_names
1171
1172
1173
   *   Array where each key is a module name, and each value is a path to the
   *   respective *.module or *.profile file.
   *
1174
   * @return string[]
1175
   *   Array where each key is a module namespace like 'Drupal\system', and each
1176
   *   value is the PSR-4 base directory associated with the module namespace.
1177
1178
1179
1180
   */
  protected function getModuleNamespacesPsr4($module_file_names) {
    $namespaces = array();
    foreach ($module_file_names as $module => $filename) {
1181
      $namespaces["Drupal\\$module"] = dirname($filename) . '/src';
1182
1183
1184
1185
    }
    return $namespaces;
  }

1186
1187
1188
1189
1190
1191
1192
1193
  /**
   * Registers a list of namespaces with PSR-4 directories for class loading.
   *
   * @param array $namespaces
   *   Array where each key is a namespace like 'Drupal\system', and each value
   *   is either a PSR-4 base directory, or an array of PSR-4 base directories
   *   associated with this namespace.
   */
1194
  protected function classLoaderAddMultiplePsr4(array $namespaces = array()) {
1195
    foreach ($namespaces as $prefix => $paths) {
1196
1197
1198
1199
1200
1201
1202
1203
      if (is_array($paths)) {
        foreach ($paths as $key => $value) {
          $paths[$key] = $this->root . '/' . $value;
        }
      }
      elseif (is_string($paths)) {
        $paths = $this->root . '/' . $paths;
      }
1204
1205
1206
1207
      $this->classLoader->addPsr4($prefix . '\\', $paths);
    }
  }

1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
  /**
   * Validates a hostname length.
   *
   * @param string $host
   *   A hostname.
   *
   * @return bool
   *   TRUE if the length is appropriate, or FALSE otherwise.
   */
  protected static function validateHostnameLength($host) {
    // Limit the length of the host name to 1000 bytes to prevent DoS attacks
    // with long host names.
    return strlen($host) <= 1000
    // Limit the number of subdomains and port separators to prevent DoS attacks
    // in findSitePath().
    && substr_count($host, '.') <= 100
    && substr_count($host, ':') <= 100;
  }

  /**
   * Validates the hostname supplied from the HTTP request.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request object
   *
   * @return bool
   *   TRUE if the hostmame is valid, or FALSE otherwise.
   *
   * @todo Adjust per resolution to https://github.com/symfony/symfony/issues/12349
   */
  public static function validateHostname(Request $request) {
    // $request->getHost() can throw an UnexpectedValueException if it
    // detects a bad hostname, but it does not validate the length.
    try {
      $http_host = $request->getHost();
    }
    catch (\UnexpectedValueException $e) {
      return FALSE;
    }

    if (static::validateHostnameLength($http_host) === FALSE) {
      return FALSE;
    }

    return TRUE;
  }

1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
  /**
   * Sets up the lists of trusted HTTP Host headers.
   *
   * Since the HTTP Host header can be set by the user making the request, it
   * is possible to create an attack vectors against a site by overriding this.
   * Symfony provides a mechanism for creating a list of trusted Host values.
   *
   * Host patterns (as regular expressions) can be configured throught
   * settings.php for multisite installations, sites using ServerAlias without
   * canonical redirection, or configurations where the site responds to default
   * requests. For example,
   *
   * @code
   * $settings['trusted_host_patterns'] = array(
   *   '^example\.com$',
   *   '^*.example\.com$',
   * );
   * @endcode
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request object.
1276
   * @param array $host_patterns
1277
1278
1279
1280
1281
1282
   *   The array of trusted host patterns.
   *
   * @return boolean
   *   TRUE if the Host header is trusted, FALSE otherwise.
   *
   * @see https://www.drupal.org/node/1992030
1283
   * @see \Drupal\Core\Http\TrustedHostsRequestFactory
1284
   */
1285
1286
  protected static function setupTrustedHosts(Request $request, $host_patterns) {
    $request->setTrustedHosts($host_patterns);
1287
1288
1289

    // Get the host, which will validate the current request.
    try {
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
      $host = $request->getHost();

      // Fake requests created through Request::create() without passing in the
      // server variables from the main request have a default host of
      // 'localhost'. If 'localhost' does not match any of the trusted host
      // patterns these fake requests would fail the host verification. Instead,
      // TrustedHostsRequestFactory makes sure to pass in the server variables
      // from the main request.
      $request_factory = new TrustedHostsRequestFactory($host);
      Request::setFactory([$request_factory, 'createRequest']);

1301
1302
1303
1304
1305
1306
1307
    }
    catch (\UnexpectedValueException $e) {
      return FALSE;
    }

    return TRUE;
  }
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324

  /**
   * Add service files.
   *
   * @param $service_yamls
   *   A list of service files.
   *
   * @return bool
   *   TRUE if the list was an array, FALSE otherwise.
   */
  protected function addServiceFiles($service_yamls) {
    if (is_array($service_yamls)) {
      $this->serviceYamls['site'] = array_filter($service_yamls, 'file_exists');
      return TRUE;
    }
    return FALSE;
  }
1325
}