bootstrap.inc 87.8 KB
Newer Older
1
<?php
Dries's avatar
 
Dries committed
2

3
use Drupal\Component\Utility\Crypt;
4
use Drupal\Component\Utility\NestedArray;
5
use Drupal\Component\Utility\Settings;
6
use Drupal\Component\Utility\String;
7
use Drupal\Component\Utility\Timer;
8
use Drupal\Component\Utility\Unicode;
9
use Drupal\Component\Utility\Url;
10
use Drupal\Core\DrupalKernel;
11
use Drupal\Core\Database\Database;
12
use Drupal\Core\DependencyInjection\ContainerBuilder;
13
use Drupal\Core\Extension\ExtensionDiscovery;
14
use Drupal\Core\Utility\Title;
15
use Drupal\Core\Utility\Error;
16
use Symfony\Component\ClassLoader\ApcClassLoader;
17
use Symfony\Component\DependencyInjection\ContainerInterface;
18
use Symfony\Component\DependencyInjection\Container;
katbailey's avatar
katbailey committed
19
use Symfony\Component\DependencyInjection\Reference;
20
use Symfony\Component\DependencyInjection\Exception\RuntimeException as DependencyInjectionRuntimeException;
21
use Symfony\Component\HttpFoundation\Request;
22
use Symfony\Component\HttpFoundation\Response;
23
use Drupal\Core\Language\Language;
24 25
use Drupal\Core\Lock\DatabaseLockBackend;
use Drupal\Core\Lock\LockBackendInterface;
26
use Drupal\Core\Session\UserSession;
27

Dries's avatar
 
Dries committed
28 29 30 31
/**
 * @file
 * Functions that need to be loaded on every Drupal request.
 */
Dries's avatar
 
Dries committed
32

33 34 35
/**
 * Minimum supported version of PHP.
 */
36
const DRUPAL_MINIMUM_PHP = '5.4.2';
37 38 39 40

/**
 * Minimum recommended value of PHP memory_limit.
 */
41
const DRUPAL_MINIMUM_PHP_MEMORY_LIMIT = '32M';
42

43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
/**
 * Error reporting level: display no errors.
 */
const ERROR_REPORTING_HIDE = 'hide';

/**
 * Error reporting level: display errors and warnings.
 */
const ERROR_REPORTING_DISPLAY_SOME = 'some';

/**
 * Error reporting level: display all messages.
 */
const ERROR_REPORTING_DISPLAY_ALL = 'all';

/**
 * Error reporting level: display all messages, plus backtrace information.
 */
const ERROR_REPORTING_DISPLAY_VERBOSE = 'verbose';

63 64 65 66 67 68
/**
 * @defgroup logging_severity_levels Logging severity levels
 * @{
 * Logging severity levels as defined in RFC 3164.
 *
 * The WATCHDOG_* constant definitions correspond to the logging severity levels
69
 * defined in RFC 3164, section 4.1.1. PHP supplies predefined LOG_* constants
70
 * for use in the syslog() function, but their values on Windows builds do not
71
 * correspond to RFC 3164. The associated PHP bug report was closed with the
72 73 74 75 76 77 78 79 80 81 82 83 84 85
 * comment, "And it's also not a bug, as Windows just have less log levels,"
 * and "So the behavior you're seeing is perfectly normal."
 *
 * @see http://www.faqs.org/rfcs/rfc3164.html
 * @see http://bugs.php.net/bug.php?id=18090
 * @see http://php.net/manual/function.syslog.php
 * @see http://php.net/manual/network.constants.php
 * @see watchdog()
 * @see watchdog_severity_levels()
 */

/**
 * Log message severity -- Emergency: system is unusable.
 */
86
const WATCHDOG_EMERGENCY = 0;
87 88 89 90

/**
 * Log message severity -- Alert: action must be taken immediately.
 */
91
const WATCHDOG_ALERT = 1;
92 93

/**
94
 * Log message severity -- Critical conditions.
95
 */
96
const WATCHDOG_CRITICAL = 2;
97 98

/**
99
 * Log message severity -- Error conditions.
100
 */
101
const WATCHDOG_ERROR = 3;
102 103

/**
104
 * Log message severity -- Warning conditions.
105
 */
106
const WATCHDOG_WARNING = 4;
107 108

/**
109
 * Log message severity -- Normal but significant conditions.
110
 */
111
const WATCHDOG_NOTICE = 5;
112 113

/**
114
 * Log message severity -- Informational messages.
115
 */
116
const WATCHDOG_INFO = 6;
117 118

/**
119
 * Log message severity -- Debug-level messages.
120
 */
121
const WATCHDOG_DEBUG = 7;
122 123 124 125 126

/**
 * @} End of "defgroup logging_severity_levels".
 */

127 128 129
/**
 * First bootstrap phase: initialize configuration.
 */
130
const DRUPAL_BOOTSTRAP_CONFIGURATION = 0;
131 132

/**
133
 * Second bootstrap phase, initalize a kernel.
134
 */
135
const DRUPAL_BOOTSTRAP_KERNEL = 1;
136 137

/**
138
 * Third bootstrap phase: try to serve a cached page.
139
 */
140
const DRUPAL_BOOTSTRAP_PAGE_CACHE = 2;
141 142

/**
143
 * Fourth bootstrap phase: load code for subsystems and modules.
144
 */
145
const DRUPAL_BOOTSTRAP_CODE = 3;
146 147

/**
148
 * Final bootstrap phase: initialize language, path, theme, and modules.
149
 */
150
const DRUPAL_BOOTSTRAP_FULL = 4;
151

152 153 154
/**
 * Role ID for anonymous users; should match what's in the "role" table.
 */
155
const DRUPAL_ANONYMOUS_RID = 'anonymous';
156 157 158 159

/**
 * Role ID for authenticated users; should match what's in the "role" table.
 */
160
const DRUPAL_AUTHENTICATED_RID = 'authenticated';
161

162
/**
163 164 165
 * The number of bytes in a kilobyte.
 *
 * For more information, visit http://en.wikipedia.org/wiki/Kilobyte.
166
 */
167
const DRUPAL_KILOBYTE = 1024;
168

169 170 171 172 173
/**
 * The maximum number of characters in a module or theme name.
 */
const DRUPAL_EXTENSION_NAME_MAX_LENGTH = 50;

174
/**
175
 * Time of the current request in seconds elapsed since the Unix Epoch.
176
 *
177 178 179 180 181 182
 * This differs from $_SERVER['REQUEST_TIME'], which is stored as a float
 * since PHP 5.4.0. Float timestamps confuse most PHP functions
 * (including date_create()).
 *
 * @see http://php.net/manual/reserved.variables.server.php
 * @see http://php.net/manual/function.time.php
183
 */
184
define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']);
185

186 187
/**
 * Flag for drupal_set_title(); text has already been sanitized.
188 189
 *
 * @todo Move to the Title class.
190
 */
191
const PASS_THROUGH = -1;
192

193 194 195
/**
 * Regular expression to match PHP function names.
 *
196
 * @see http://php.net/manual/language.functions.php
197
 */
198
const DRUPAL_PHP_FUNCTION_PATTERN = '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*';
199

200 201 202
/**
 * $config_directories key for active directory.
 *
203
 * @see config_get_config_directory()
204 205 206 207 208 209
 */
const CONFIG_ACTIVE_DIRECTORY = 'active';

/**
 * $config_directories key for staging directory.
 *
210
 * @see config_get_config_directory()
211 212 213
 */
const CONFIG_STAGING_DIRECTORY = 'staging';

214 215 216 217 218 219 220
/**
 * Defines the root directory of the Drupal installation.
 *
 * This strips two levels of directories off the current directory.
 */
define('DRUPAL_ROOT', dirname(dirname(__DIR__)));

Dries's avatar
 
Dries committed
221
/**
222
 * Returns the appropriate configuration directory.
Dries's avatar
 
Dries committed
223
 *
224 225 226 227
 * Returns the configuration path based on the site's hostname, port, and
 * pathname. Uses find_conf_path() to find the current configuration directory.
 * See default.settings.php for examples on how the URL is converted to a
 * directory.
228
 *
229
 * @param bool $require_settings
230 231 232 233
 *   Only configuration directories with an existing settings.php file
 *   will be recognized. Defaults to TRUE. During initial installation,
 *   this is set to FALSE so that Drupal can detect a matching directory,
 *   then create a new settings.php file in it.
234
 * @param bool $reset
235
 *   Force a full search for matching directories even if one had been
236 237
 *   found previously. Defaults to FALSE.
 *
238 239
 * @return
 *   The path of the matching directory.
240 241
 *
 * @see default.settings.php
Dries's avatar
 
Dries committed
242
 */
243
function conf_path($require_settings = TRUE, $reset = FALSE) {
244
  static $conf_path;
Dries's avatar
 
Dries committed
245

246
  if (isset($conf_path) && !$reset) {
247
    return $conf_path;
Dries's avatar
Dries committed
248
  }
Dries's avatar
 
Dries committed
249

250
  // Check for a simpletest override.
251 252
  if ($test_prefix = drupal_valid_test_ua()) {
    $conf_path = 'sites/simpletest/' . substr($test_prefix, 10);
253
    return $conf_path;
254 255 256
  }

  // Otherwise, use the normal $conf_path.
257 258 259 260 261
  $script_name = $_SERVER['SCRIPT_NAME'];
  if (!$script_name) {
    $script_name = $_SERVER['SCRIPT_FILENAME'];
  }
  $http_host = $_SERVER['HTTP_HOST'];
262 263
  $conf_path = find_conf_path($http_host, $script_name, $require_settings);
  return $conf_path;
264 265 266 267 268
}

/**
 * Finds the appropriate configuration directory for a given host and path.
 *
269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289
 * Finds a matching configuration directory file by stripping the website's
 * hostname from left to right and pathname from right to left. By default,
 * the directory must contain a 'settings.php' file for it to match. If the
 * parameter $require_settings is set to FALSE, then a directory without a
 * 'settings.php' file will match as well. The first configuration
 * file found will be used and the remaining ones will be ignored. If no
 * configuration file is found, returns a default value '$confdir/default'. See
 * default.settings.php for examples on how the URL is converted to a directory.
 *
 * If a file named sites.php is present in the $confdir, it will be loaded
 * prior to scanning for directories. That file can define aliases in an
 * associative array named $sites. The array is written in the format
 * '<port>.<domain>.<path>' => 'directory'. As an example, to create a
 * directory alias for http://www.drupal.org:8080/mysite/test whose configuration
 * file is in sites/example.com, the array should be defined as:
 * @code
 * $sites = array(
 *   '8080.www.drupal.org.mysite.test' => 'example.com',
 * );
 * @endcode
 *
290 291 292 293
 * @param $http_host
 *   The hostname and optional port number, e.g. "www.example.com" or
 *   "www.example.com:8080".
 * @param $script_name
294
 *   The part of the URL following the hostname, including the leading slash.
295 296 297
 * @param $require_settings
 *   Defaults to TRUE. If TRUE, then only match directories with a
 *   'settings.php' file. Otherwise match any directory.
298 299 300 301
 *
 * @return
 *   The path of the matching configuration directory.
 *
302 303
 * @see default.settings.php
 * @see example.sites.php
304 305 306
 * @see conf_path()
 */
function find_conf_path($http_host, $script_name, $require_settings = TRUE) {
307 308 309 310
  // Determine whether multi-site functionality is enabled.
  if (!file_exists(DRUPAL_ROOT . '/sites/sites.php')) {
    return 'sites/default';
  }
311 312

  $sites = array();
313
  include DRUPAL_ROOT . '/sites/sites.php';
314

315 316
  $uri = explode('/', $script_name);
  $server = explode('.', implode('.', array_reverse(explode(':', rtrim($http_host, '.')))));
Dries's avatar
Dries committed
317 318 319
  for ($i = count($uri) - 1; $i > 0; $i--) {
    for ($j = count($server); $j > 0; $j--) {
      $dir = implode('.', array_slice($server, -$j)) . implode('.', array_slice($uri, 0, $i));
320
      if (isset($sites[$dir]) && file_exists(DRUPAL_ROOT . '/sites/' . $sites[$dir])) {
321 322
        $dir = $sites[$dir];
      }
323 324
      if (file_exists(DRUPAL_ROOT . '/sites/' . $dir . '/settings.php') || (!$require_settings && file_exists(DRUPAL_ROOT . '/sites/' . $dir))) {
        return "sites/$dir";
Dries's avatar
Dries committed
325
      }
Dries's avatar
 
Dries committed
326 327
    }
  }
328
  return 'sites/default';
Dries's avatar
 
Dries committed
329 330
}

331
/**
332 333 334 335 336
 * Returns the path of a configuration directory.
 *
 * @param string $type
 *   (optional) The type of config directory to return. Drupal core provides
 *   'active' and 'staging'. Defaults to CONFIG_ACTIVE_DIRECTORY.
337 338 339 340
 *
 * @return string
 *   The configuration directory path.
 */
341 342
function config_get_config_directory($type = CONFIG_ACTIVE_DIRECTORY) {
  global $config_directories;
343

344
  if (!empty($config_directories[$type])) {
345
    return $config_directories[$type];
346
  }
347
  throw new Exception(format_string('The configuration directory type %type does not exist.', array('%type' => $type)));
348 349
}

350
/**
351
 * Sets appropriate server variables needed for command line scripts to work.
352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368
 *
 * This function can be called by command line scripts before bootstrapping
 * Drupal, to ensure that the page loads with the desired server parameters.
 * This is because many parts of Drupal assume that they are running in a web
 * browser and therefore use information from the global PHP $_SERVER variable
 * that does not get set when Drupal is run from the command line.
 *
 * In many cases, the default way in which this function populates the $_SERVER
 * variable is sufficient, and it can therefore be called without passing in
 * any input. However, command line scripts running on a multisite installation
 * (or on any installation that has settings.php stored somewhere other than
 * the sites/default folder) need to pass in the URL of the site to allow
 * Drupal to detect the correct location of the settings.php file. Passing in
 * the 'url' parameter is also required for functions like request_uri() to
 * return the expected values.
 *
 * Most other parameters do not need to be passed in, but may be necessary in
369
 * some cases; for example, if \Drupal::request()->getClientIP()
370 371 372
 * needs to return anything but the standard localhost value ('127.0.0.1'),
 * the command line script should pass in the desired value via the
 * 'REMOTE_ADDR' key.
373 374
 *
 * @param $variables
375 376 377 378 379 380
 *   (optional) An associative array of variables within
 *   \Drupal::request()->server that should be replaced. If the special element
 *   'url' is provided in this array, it will be used to populate some of the
 *   server defaults; it should be set to the URL of the current page request,
 *   excluding any GET request but including the script name
 *   (e.g., http://www.example.com/mysite/index.php).
381 382 383
 *
 * @see conf_path()
 * @see request_uri()
384
 * @see \Symfony\Component\HttpFoundation\Request::getClientIP()
385 386
 */
function drupal_override_server_variables($variables = array()) {
387 388
  $request = \Drupal::request();
  $server_vars = $request->server->all();
389
  // Allow the provided URL to override any existing values in $_SERVER.
390 391
  if (isset($variables['url'])) {
    $url = parse_url($variables['url']);
392
    if (isset($url['host'])) {
393
      $server_vars['HTTP_HOST'] = $url['host'];
394 395
    }
    if (isset($url['path'])) {
396
      $server_vars['SCRIPT_NAME'] = $url['path'];
397
    }
398 399
    unset($variables['url']);
  }
400 401 402
  // Define default values for $_SERVER keys. These will be used if $_SERVER
  // does not already define them and no other values are passed in to this
  // function.
403
  $defaults = array(
404 405
    'HTTP_HOST' => 'localhost',
    'SCRIPT_NAME' => NULL,
406 407 408
    'REMOTE_ADDR' => '127.0.0.1',
    'REQUEST_METHOD' => 'GET',
    'SERVER_NAME' => NULL,
409
    'SERVER_SOFTWARE' => NULL,
410 411 412
    'HTTP_USER_AGENT' => NULL,
  );
  // Replace elements of the $_SERVER array, as appropriate.
413 414 415 416
  $request->server->replace($variables + $server_vars + $defaults);

  // @todo remove once conf_path() no longer uses $_SERVER.
  $_SERVER = $request->server->all();
417 418
}

419
/**
420
 * Initializes the PHP environment.
421
 */
422
function drupal_environment_initialize() {
423 424
  if (!isset($_SERVER['HTTP_REFERER'])) {
    $_SERVER['HTTP_REFERER'] = '';
425
  }
426 427 428
  if (!isset($_SERVER['SERVER_PROTOCOL']) || ($_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.0' && $_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.1')) {
    $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.0';
  }
429

430 431 432 433 434 435 436 437 438 439 440 441 442 443 444
  if (isset($_SERVER['HTTP_HOST'])) {
    // As HTTP_HOST is user input, ensure it only contains characters allowed
    // in hostnames. See RFC 952 (and RFC 2181).
    // $_SERVER['HTTP_HOST'] is lowercased here per specifications.
    $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
    if (!drupal_valid_http_host($_SERVER['HTTP_HOST'])) {
      // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
      header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
      exit;
    }
  }
  else {
    // Some pre-HTTP/1.1 clients will not send a Host header. Ensure the key is
    // defined for E_ALL compliance.
    $_SERVER['HTTP_HOST'] = '';
445 446
  }

447 448
  // @todo Refactor with the Symfony Request object.
  _current_path(request_path());
449

450 451
  // Enforce E_STRICT, but allow users to set levels not part of E_STRICT.
  error_reporting(E_STRICT | E_ALL | error_reporting());
452

453 454 455
  // Override PHP settings required for Drupal to work properly.
  // sites/default/default.settings.php contains more runtime settings.
  // The .htaccess file contains settings that cannot be changed at runtime.
456

457 458
  // Use session cookies, not transparent sessions that puts the session id in
  // the query string.
459
  ini_set('session.use_cookies', '1');
460
  ini_set('session.use_only_cookies', '1');
461
  ini_set('session.use_trans_sid', '0');
462
  // Don't send HTTP headers using PHP's session handler.
463 464
  // Send an empty string to disable the cache limiter.
  ini_set('session.cache_limiter', '');
465 466
  // Use httponly session cookies.
  ini_set('session.cookie_httponly', '1');
467 468 469 470

  // Set sane locale settings, to ensure consistent string, dates, times and
  // numbers handling.
  setlocale(LC_ALL, 'C');
471 472
}

473
/**
474
 * Validates that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
475 476 477 478
 *
 * @return
 *  TRUE if only containing valid characters, or FALSE otherwise.
 */
479 480
function drupal_valid_http_host($host) {
  return preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
481 482
}

483
/**
484
 * Sets the base URL, cookie domain, and session name from configuration.
485
 */
486
function drupal_settings_initialize() {
487
  // Export these settings.php variables to the global namespace.
488
  global $base_url, $databases, $cookie_domain, $config_directories, $config;
489 490
  $settings = array();
  $config = array();
Dries's avatar
Dries committed
491

492 493
  // Make conf_path() available as local variable in settings.php.
  $conf_path = conf_path();
494
  if (is_readable(DRUPAL_ROOT . '/' . $conf_path . '/settings.php')) {
495
    require DRUPAL_ROOT . '/' . $conf_path . '/settings.php';
496
  }
497 498
  // Initialize Settings.
  new Settings($settings);
499 500 501 502 503 504 505 506 507 508 509 510 511 512
}

/**
 * Initializes global request variables.
 *
 * @todo D8: Eliminate this entirely in favor of Request object.
 */
function _drupal_request_initialize() {
  // Provided by settings.php.
  // @see drupal_settings_initialize()
  global $base_url, $cookie_domain;
  // Set and derived from $base_url by this function.
  global $base_path, $base_root, $script_path;
  global $base_secure_url, $base_insecure_url;
513

514
  $is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
515 516 517 518

  if (isset($base_url)) {
    // Parse fixed base URL from settings.php.
    $parts = parse_url($base_url);
519 520 521
    if (!isset($parts['path'])) {
      $parts['path'] = '';
    }
522
    $base_path = $parts['path'] . '/';
523 524 525 526 527
    // Build $base_root (everything until first slash after "scheme://").
    $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path']));
  }
  else {
    // Create base URL
528
    $http_protocol = $is_https ? 'https' : 'http';
529
    $base_root = $http_protocol . '://' . $_SERVER['HTTP_HOST'];
530

531
    $base_url = $base_root;
532

533 534
    // For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is
    // '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'.
535
    if ($dir = rtrim(dirname($_SERVER['SCRIPT_NAME']), '\/')) {
536
      // Remove "core" directory if present, allowing install.php, update.php,
537
      // and others to auto-detect a base path.
538 539 540 541 542 543 544
      $core_position = strrpos($dir, '/core');
      if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) {
        $base_path = substr($dir, 0, $core_position);
      }
      else {
        $base_path = $dir;
      }
545 546 547 548 549 550 551
      $base_url .= $base_path;
      $base_path .= '/';
    }
    else {
      $base_path = '/';
    }
  }
552 553
  $base_secure_url = str_replace('http://', 'https://', $base_url);
  $base_insecure_url = str_replace('https://', 'http://', $base_url);
554

555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580
  // Determine the path of the script relative to the base path, and add a
  // trailing slash. This is needed for creating URLs to Drupal pages.
  if (!isset($script_path)) {
    $script_path = '';
    // We don't expect scripts outside of the base path, but sanity check
    // anyway.
    if (strpos($_SERVER['SCRIPT_NAME'], $base_path) === 0) {
      $script_path = substr($_SERVER['SCRIPT_NAME'], strlen($base_path)) . '/';
      // If the request URI does not contain the script name, then clean URLs
      // are in effect and the script path can be similarly dropped from URL
      // generation. For servers that don't provide $_SERVER['REQUEST_URI'], we
      // do not know the actual URI requested by the client, and request_uri()
      // returns a URI with the script name, resulting in non-clean URLs unless
      // there's other code that intervenes.
      if (strpos(request_uri(TRUE) . '/', $base_path . $script_path) !== 0) {
        $script_path = '';
      }
      // @todo Temporary BC for install.php, update.php, and other scripts.
      //   - http://drupal.org/node/1547184
      //   - http://drupal.org/node/1546082
      if ($script_path !== 'index.php/') {
        $script_path = '';
      }
    }
  }

581 582 583 584 585
  if ($cookie_domain) {
    // If the user specifies the cookie domain, also use it for session name.
    $session_name = $cookie_domain;
  }
  else {
586
    // Otherwise use $base_url as session name, without the protocol
587
    // to use the same session identifiers across HTTP and HTTPS.
588
    list( , $session_name) = explode('://', $base_url, 2);
589 590
    // HTTP_HOST can be modified by a visitor, but we already sanitized it
    // in drupal_settings_initialize().
591
    if (!empty($_SERVER['HTTP_HOST'])) {
592
      $cookie_domain = $_SERVER['HTTP_HOST'];
593 594 595 596 597 598 599
      // Strip leading periods, www., and port numbers from cookie domain.
      $cookie_domain = ltrim($cookie_domain, '.');
      if (strpos($cookie_domain, 'www.') === 0) {
        $cookie_domain = substr($cookie_domain, 4);
      }
      $cookie_domain = explode(':', $cookie_domain);
      $cookie_domain = '.' . $cookie_domain[0];
600 601 602 603 604 605 606
    }
  }
  // Per RFC 2109, cookie domains must contain at least one dot other than the
  // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
  if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
    ini_set('session.cookie_domain', $cookie_domain);
  }
607 608 609 610 611 612 613 614 615 616
  // To prevent session cookies from being hijacked, a user can configure the
  // SSL version of their website to only transfer session cookies via SSL by
  // using PHP's session.cookie_secure setting. The browser will then use two
  // separate session cookies for the HTTPS and HTTP versions of the site. So we
  // must use different session identifiers for HTTPS and HTTP to prevent a
  // cookie collision.
  if ($is_https) {
    ini_set('session.cookie_secure', TRUE);
  }
  $prefix = ini_get('session.cookie_secure') ? 'SSESS' : 'SESS';
617
  session_name($prefix . substr(hash('sha256', $session_name), 0, 32));
618 619
}

Dries's avatar
Dries committed
620
/**
621 622 623 624
 * Returns and optionally sets the filename for a system resource.
 *
 * The filename, whether provided, cached, or retrieved from the database, is
 * only returned if the file exists.
Dries's avatar
Dries committed
625
 *
Dries's avatar
Dries committed
626 627
 * This function plays a key role in allowing Drupal's resources (modules
 * and themes) to be located in different places depending on a site's
628
 * configuration. For example, a module 'foo' may legally be located
Dries's avatar
Dries committed
629 630
 * in any of these three places:
 *
631
 * core/modules/foo/foo.module
Dries's avatar
Dries committed
632 633 634 635 636 637
 * modules/foo/foo.module
 * sites/example.com/modules/foo/foo.module
 *
 * Calling drupal_get_filename('module', 'foo') will give you one of
 * the above, depending on where the module is located.
 *
Dries's avatar
Dries committed
638
 * @param $type
639
 *   The type of the item (theme, theme_engine, module, profile).
Dries's avatar
Dries committed
640 641 642 643 644 645 646
 * @param $name
 *   The name of the item for which the filename is requested.
 * @param $filename
 *   The filename of the item if it is to be set explicitly rather
 *   than by consulting the database.
 *
 * @return
647
 *   The filename of the requested item or NULL if the item is not found.
Dries's avatar
Dries committed
648
 */
Dries's avatar
Dries committed
649
function drupal_get_filename($type, $name, $filename = NULL) {
650 651
  // The location of files will not change during the request, so do not use
  // drupal_static().
652
  static $files = array();
Dries's avatar
Dries committed
653

654 655 656
  // Profiles are converted into modules in system_rebuild_module_data().
  // @todo Remove false-exposure of profiles as modules.
  $original_type = $type;
657
  if ($type == 'profile') {
658
    $type = 'module';
659
  }
660
  if (!isset($files[$type])) {
Dries's avatar
Dries committed
661 662 663
    $files[$type] = array();
  }

664
  if (isset($filename)) {
Dries's avatar
Dries committed
665 666
    $files[$type][$name] = $filename;
  }
667 668 669 670 671 672 673 674 675 676 677 678
  elseif (!isset($files[$type][$name])) {
    // If the pathname of the requested extension is not known, try to retrieve
    // the list of extension pathnames from various providers, checking faster
    // providers first.
    // Retrieve the current module list (derived from the service container).
    if ($type == 'module' && \Drupal::hasService('module_handler')) {
      $files[$type] += \Drupal::moduleHandler()->getModuleList();
    }
    // If still unknown, retrieve the file list prepared in state by
    // system_rebuild_module_data() and system_rebuild_theme_data().
    if (!isset($files[$type][$name]) && \Drupal::hasService('state')) {
      $files[$type] += \Drupal::state()->get('system.' . $type . '.files', array());
679
    }
680
    // If still unknown, perform a filesystem scan.
681
    if (!isset($files[$type][$name])) {
682 683 684 685
      $listing = new ExtensionDiscovery();
      // Prevent an infinite recursion by this legacy function.
      if ($original_type == 'profile') {
        $listing->setProfileDirectories(array());
686
      }
687 688
      foreach ($listing->scan($original_type) as $extension_name => $file) {
        $files[$type][$extension_name] = $file->uri;
Dries's avatar
Dries committed
689 690 691 692
      }
    }
  }

693 694 695
  if (isset($files[$type][$name])) {
    return $files[$type][$name];
  }
Dries's avatar
Dries committed
696 697
}

698 699 700 701 702 703 704 705 706 707 708
/**
 * Returns a setting.
 *
 * Settings can be set in settings.php in the $settings array and requested
 * by this function. Settings should be used over configuration for read-only,
 * possibly low bootstrap configuration that is environment specific.
 *
 * @return \Drupal\Component\Utility\Settings
 *   The settings object.
 */
function settings() {
709
  return Settings::getSingleton();
710 711
}

712 713 714 715 716 717 718 719 720 721 722 723
/**
 * Gets the page cache cid for this request.
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The request for this page.
 *
 * @return string
 *   The cid for this request.
 */
function drupal_page_cache_get_cid(Request $request) {
  $cid_parts = array(
    $request->getUri(),
724
    \Drupal::service('content_negotiation')->getContentType($request),
725 726 727 728
  );
  return sha1(implode(':', $cid_parts));
}

Dries's avatar
 
Dries committed
729
/**
730
 * Retrieves the current page from the cache.
Dries's avatar
 
Dries committed
731
 *
732 733 734 735 736
 * Note: we do not serve cached pages to authenticated users, or to anonymous
 * users when $_SESSION is non-empty. $_SESSION may contain status messages
 * from a form submission, the contents of a shopping cart, or other user-
 * specific content that should not be cached and displayed to other users.
 *
737 738
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The request for this page.
739
 *
740
 * @return
741
 *   The cache object, if the page was found in the cache, NULL otherwise.
Dries's avatar
 
Dries committed
742
 */
743
function drupal_page_get_cache(Request $request) {
744
  if (drupal_page_is_cacheable()) {
745
    return \Drupal::cache('page')->get(drupal_page_cache_get_cid($request));
746
  }
747 748 749
}

/**
750
 * Determines the cacheability of the current page.
751 752
 *
 * @param $allow_caching
753 754
 *   Set to FALSE if you want to prevent this page to get cached.
 *
755
 * @return
756
 *   TRUE if the current page can be cached, FALSE otherwise.
757 758 759 760 761
 */
function drupal_page_is_cacheable($allow_caching = NULL) {
  $allow_caching_static = &drupal_static(__FUNCTION__, TRUE);
  if (isset($allow_caching)) {
    $allow_caching_static = $allow_caching;
Dries's avatar
 
Dries committed
762
  }
763 764

  return $allow_caching_static && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD')
765
    && !drupal_is_cli();
Dries's avatar
 
Dries committed
766 767
}

768
/**
769
 * Sets an HTTP response header for the current page.
770 771 772 773 774
 *
 * Note: When sending a Content-Type header, always include a 'charset' type,
 * too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
 *
 * @param $name
775
 *   The HTTP header name, or the special 'Status' header name.
776
 * @param $value
777 778 779
 *   The HTTP header value; if equal to FALSE, the specified header is unset.
 *   If $name is 'Status', this is expected to be a status code followed by a
 *   reason phrase, e.g. "404 Not Found".
780 781
 * @param $append
 *   Whether to append the value to an existing header or to replace it.
782
 *
783 784 785
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Symfony\Component\HttpFoundation\Response->headers->set().
 *   See https://drupal.org/node/2181523.
786
 */
787
function drupal_add_http_header($name, $value, $append = FALSE) {
788
  // The headers as name/value pairs.
789
  $headers = &drupal_static('drupal_http_headers', array());
790

791
  $name_lower = strtolower($name);
792
  _drupal_set_preferred_header_name($name);
793

794
  if ($value === FALSE) {
795
    $headers[$name_lower] = FALSE;
796
  }
797
  elseif (isset($headers[$name_lower]) && $append) {
798 799
    // Multiple headers with identical names may be combined using comma (RFC
    // 2616, section 4.2).
800
    $headers[$name_lower] .= ',' . $value;
801 802
  }
  else {
803
    $headers[$name_lower] = $value;
804 805 806 807
  }
}

/**
808
 * Gets the HTTP response headers for the current page.
809 810 811 812
 *
 * @param $name
 *   An HTTP header name. If omitted, all headers are returned as name/value
 *   pairs. If an array value is FALSE, the header has been unset.
813
 *
814 815 816
 * @return
 *   A string containing the header value, or FALSE if the header has been set,
 *   or NULL if the header has not been set.
817
 *
818 819 820
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Symfony\Component\HttpFoundation\Response->headers->get().
 *   See https://drupal.org/node/2181523.
821
 */
822
function drupal_get_http_header($name = NULL) {
823
  $headers = &drupal_static('drupal_http_headers', array());
824 825 826 827 828 829 830 831 832 833
  if (isset($name)) {
    $name = strtolower($name);
    return isset($headers[$name]) ? $headers[$name] : NULL;
  }
  else {
    return $headers;
  }
}

/**
834 835
 * Sets the preferred name for the HTTP header.
 *
836
 * Header names are case-insensitive, but for maximum compatibility they should
837 838
 * follow "common form" (see RFC 2616, section 4.2).
 *
839 840
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   See https://drupal.org/node/2181523.
841 842 843 844 845 846 847 848 849 850 851
 */
function _drupal_set_preferred_header_name($name = NULL) {
  static $header_names = array();

  if (!isset($name)) {
    return $header_names;
  }
  $header_names[strtolower($name)] = $name;
}

/**
852 853 854 855
 * Sends the HTTP response headers that were previously set, adding defaults.
 *
 * Headers are set in drupal_add_http_header(). Default headers are not set
 * if they have been replaced or unset using drupal_add_http_header().
856
 *
857 858 859 860 861
 * @param array $default_headers
 *   (optional) An array of headers as name/value pairs.
 * @param bool $only_default
 *   (optional) If TRUE and headers have already been sent, send only the
 *   specified headers.
862
 *
863 864
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   See https://drupal.org/node/2181523.
865 866 867
 */
function drupal_send_headers($default_headers = array(), $only_default = FALSE) {
  $headers_sent = &drupal_static(__FUNCTION__, FALSE);
868
  $headers = drupal_get_http_header();
869 870 871 872 873 874 875 876 877 878 879 880 881 882
  if ($only_default && $headers_sent) {
    $headers = array();
  }
  $headers_sent = TRUE;

  $header_names = _drupal_set_preferred_header_name();
  foreach ($default_headers as $name => $value) {
    $name_lower = strtolower($name);
    if (!isset($headers[$name_lower])) {
      $headers[$name_lower] = $value;
      $header_names[$name_lower] = $name;
    }
  }
  foreach ($headers as $name_lower => $value) {
883
    if ($name_lower == 'status') {