bootstrap.inc 49.9 KB
Newer Older
1
<?php
2 3 4 5
/**
 * @file
 * Functions that need to be loaded on every Drupal request.
 */
6

7
use Drupal\Component\Datetime\DateTimePlus;
8
use Drupal\Component\Utility\Crypt;
9
use Drupal\Component\Utility\Environment;
10
use Drupal\Component\Utility\SafeMarkup;
11
use Drupal\Component\Utility\String;
12
use Drupal\Component\Utility\Unicode;
13
use Drupal\Core\DrupalKernel;
14
use Drupal\Core\Extension\ExtensionDiscovery;
15
use Drupal\Core\Logger\RfcLogLevel;
16
use Drupal\Core\Site\Settings;
17
use Drupal\Core\Utility\Error;
18
use Symfony\Component\ClassLoader\ApcClassLoader;
19
use Symfony\Component\HttpFoundation\Request;
20
use Symfony\Component\HttpFoundation\Response;
21
use Drupal\Core\Language\LanguageInterface;
22

23 24
/**
 * Minimum supported version of PHP.
25
 */
26
const DRUPAL_MINIMUM_PHP = '5.4.5';
27 28 29

/**
 * Minimum recommended value of PHP memory_limit.
30 31 32
 *
 * @todo Reduce the memory required to install on some environments in
 *   https://www.drupal.org/node/2289201 and then decrease this limit.
33
 */
34
const DRUPAL_MINIMUM_PHP_MEMORY_LIMIT = '64M';
35

36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
/**
 * Error reporting level: display no errors.
 */
const ERROR_REPORTING_HIDE = 'hide';

/**
 * Error reporting level: display errors and warnings.
 */
const ERROR_REPORTING_DISPLAY_SOME = 'some';

/**
 * Error reporting level: display all messages.
 */
const ERROR_REPORTING_DISPLAY_ALL = 'all';

/**
 * Error reporting level: display all messages, plus backtrace information.
 */
const ERROR_REPORTING_DISPLAY_VERBOSE = 'verbose';

56 57
/**
 * First bootstrap phase: initialize configuration.
58 59
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
60
 */
61
const DRUPAL_BOOTSTRAP_CONFIGURATION = 0;
62 63

/**
64 65 66
 * Second bootstrap phase, initialize a kernel.
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
67
 */
68
const DRUPAL_BOOTSTRAP_KERNEL = 1;
69 70

/**
71
 * Third bootstrap phase: try to serve a cached page.
72 73
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
74
 */
75
const DRUPAL_BOOTSTRAP_PAGE_CACHE = 2;
76 77

/**
78
 * Fourth bootstrap phase: load code for subsystems and modules.
79 80
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
81
 */
82
const DRUPAL_BOOTSTRAP_CODE = 3;
83 84

/**
85
 * Final bootstrap phase: initialize language, path, theme, and modules.
86 87
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
88
 */
89
const DRUPAL_BOOTSTRAP_FULL = 4;
90

91 92 93
/**
 * Role ID for anonymous users; should match what's in the "role" table.
 */
94
const DRUPAL_ANONYMOUS_RID = 'anonymous';
95 96 97 98

/**
 * Role ID for authenticated users; should match what's in the "role" table.
 */
99
const DRUPAL_AUTHENTICATED_RID = 'authenticated';
100

101 102 103 104 105
/**
 * The maximum number of characters in a module or theme name.
 */
const DRUPAL_EXTENSION_NAME_MAX_LENGTH = 50;

106
/**
107
 * Time of the current request in seconds elapsed since the Unix Epoch.
108
 *
109 110 111 112 113 114
 * This differs from $_SERVER['REQUEST_TIME'], which is stored as a float
 * since PHP 5.4.0. Float timestamps confuse most PHP functions
 * (including date_create()).
 *
 * @see http://php.net/manual/reserved.variables.server.php
 * @see http://php.net/manual/function.time.php
115
 */
116
define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']);
117

118 119 120
/**
 * Regular expression to match PHP function names.
 *
121
 * @see http://php.net/manual/language.functions.php
122
 */
123
const DRUPAL_PHP_FUNCTION_PATTERN = '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*';
124

125 126 127
/**
 * $config_directories key for active directory.
 *
128
 * @see config_get_config_directory()
129 130 131 132 133 134
 */
const CONFIG_ACTIVE_DIRECTORY = 'active';

/**
 * $config_directories key for staging directory.
 *
135
 * @see config_get_config_directory()
136 137 138
 */
const CONFIG_STAGING_DIRECTORY = 'staging';

139 140 141 142 143 144 145
/**
 * Defines the root directory of the Drupal installation.
 *
 * This strips two levels of directories off the current directory.
 */
define('DRUPAL_ROOT', dirname(dirname(__DIR__)));

146
/**
147
 * Returns the appropriate configuration directory.
148
 *
149
 * @param bool $require_settings
150 151 152 153
 *   Only configuration directories with an existing settings.php file
 *   will be recognized. Defaults to TRUE. During initial installation,
 *   this is set to FALSE so that Drupal can detect a matching directory,
 *   then create a new settings.php file in it.
154
 * @param bool $reset
155
 *   Force a full search for matching directories even if one had been
156
 *   found previously. Defaults to FALSE.
157 158 159
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   (optional) The current request. Defaults to \Drupal::request() or a new
 *   request created from globals.
160
 *
161 162
 * @return string
 *   The path of the matching directory.@see default.settings.php
163
 *
164 165 166 167 168 169 170 171 172 173 174 175 176 177
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Core\DrupalKernel::getSitePath() instead. If the kernel is
 *   unavailable or the site path needs to be recalculated then
 *   Drupal\Core\DrupalKernel::findSitePath() can be used.
 */
function conf_path($require_settings = TRUE, $reset = FALSE, Request $request = NULL) {
  if (!isset($request)) {
    if (\Drupal::hasRequest()) {
      $request = \Drupal::request();
    }
    // @todo Remove once external CLI scripts (Drush) are updated.
    else {
      $request = Request::createFromGlobals();
    }
178
  }
179 180
  if (\Drupal::hasService('kernel')) {
    $site_path = \Drupal::service('kernel')->getSitePath();
181
  }
182 183
  if (!isset($site_path) || empty($site_path)) {
    $site_path = DrupalKernel::findSitePath($request, $require_settings);
184
  }
185
  return $site_path;
186
}
187
/**
188 189 190 191 192
 * Returns the path of a configuration directory.
 *
 * @param string $type
 *   (optional) The type of config directory to return. Drupal core provides
 *   'active' and 'staging'. Defaults to CONFIG_ACTIVE_DIRECTORY.
193 194 195 196
 *
 * @return string
 *   The configuration directory path.
 */
197 198
function config_get_config_directory($type = CONFIG_ACTIVE_DIRECTORY) {
  global $config_directories;
199

200
  if (!empty($config_directories[$type])) {
201
    return $config_directories[$type];
202
  }
203
  throw new \Exception(format_string('The configuration directory type %type does not exist.', array('%type' => $type)));
204 205
}

Dries's avatar
Dries committed
206
/**
207 208 209 210
 * Returns and optionally sets the filename for a system resource.
 *
 * The filename, whether provided, cached, or retrieved from the database, is
 * only returned if the file exists.
Dries's avatar
Dries committed
211
 *
Dries's avatar
Dries committed
212 213
 * This function plays a key role in allowing Drupal's resources (modules
 * and themes) to be located in different places depending on a site's
214
 * configuration. For example, a module 'foo' may legally be located
Dries's avatar
Dries committed
215 216
 * in any of these three places:
 *
217 218 219
 * core/modules/foo/foo.info.yml
 * modules/foo/foo.info.yml
 * sites/example.com/modules/foo/foo.info.yml
Dries's avatar
Dries committed
220 221 222 223
 *
 * Calling drupal_get_filename('module', 'foo') will give you one of
 * the above, depending on where the module is located.
 *
Dries's avatar
Dries committed
224
 * @param $type
225 226
 *   The type of the item; one of 'core', 'profile', 'module', 'theme', or
 *   'theme_engine'.
Dries's avatar
Dries committed
227
 * @param $name
228 229
 *   The name of the item for which the filename is requested. Ignored for
 *   $type 'core'.
Dries's avatar
Dries committed
230 231 232 233 234
 * @param $filename
 *   The filename of the item if it is to be set explicitly rather
 *   than by consulting the database.
 *
 * @return
235
 *   The filename of the requested item or NULL if the item is not found.
Dries's avatar
Dries committed
236
 */
Dries's avatar
Dries committed
237
function drupal_get_filename($type, $name, $filename = NULL) {
238 239
  // The location of files will not change during the request, so do not use
  // drupal_static().
240
  static $files = array();
Dries's avatar
Dries committed
241

242 243 244 245 246 247 248 249
  // Type 'core' only exists to simplify application-level logic; it always maps
  // to the /core directory, whereas $name is ignored. It is only requested via
  // drupal_get_path(). /core/core.info.yml does not exist, but is required
  // since drupal_get_path() returns the dirname() of the returned pathname.
  if ($type === 'core') {
    return 'core/core.info.yml';
  }

250 251 252
  // Profiles are converted into modules in system_rebuild_module_data().
  // @todo Remove false-exposure of profiles as modules.
  $original_type = $type;
253
  if ($type == 'profile') {
254
    $type = 'module';
255
  }
256
  if (!isset($files[$type])) {
Dries's avatar
Dries committed
257 258 259
    $files[$type] = array();
  }

260
  if (isset($filename)) {
Dries's avatar
Dries committed
261 262
    $files[$type][$name] = $filename;
  }
263 264 265 266 267 268
  elseif (!isset($files[$type][$name])) {
    // If the pathname of the requested extension is not known, try to retrieve
    // the list of extension pathnames from various providers, checking faster
    // providers first.
    // Retrieve the current module list (derived from the service container).
    if ($type == 'module' && \Drupal::hasService('module_handler')) {
269 270 271
      foreach (\Drupal::moduleHandler()->getModuleList() as $module_name => $module) {
        $files[$type][$module_name] = $module->getPathname();
      }
272 273 274 275 276
    }
    // If still unknown, retrieve the file list prepared in state by
    // system_rebuild_module_data() and system_rebuild_theme_data().
    if (!isset($files[$type][$name]) && \Drupal::hasService('state')) {
      $files[$type] += \Drupal::state()->get('system.' . $type . '.files', array());
277
    }
278
    // If still unknown, perform a filesystem scan.
279
    if (!isset($files[$type][$name])) {
280
      $listing = new ExtensionDiscovery(DRUPAL_ROOT);
281 282 283
      // Prevent an infinite recursion by this legacy function.
      if ($original_type == 'profile') {
        $listing->setProfileDirectories(array());
284
      }
285
      foreach ($listing->scan($original_type) as $extension_name => $file) {
286
        $files[$type][$extension_name] = $file->getPathname();
Dries's avatar
Dries committed
287 288 289 290
      }
    }
  }

291 292 293
  if (isset($files[$type][$name])) {
    return $files[$type][$name];
  }
Dries's avatar
Dries committed
294 295
}

296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312
/**
 * Returns the path to a system item (module, theme, etc.).
 *
 * @param $type
 *   The type of the item; one of 'core', 'profile', 'module', 'theme', or
 *   'theme_engine'.
 * @param $name
 *   The name of the item for which the path is requested. Ignored for
 *   $type 'core'.
 *
 * @return
 *   The path to the requested item or an empty string if the item is not found.
 */
function drupal_get_path($type, $name) {
  return dirname(drupal_get_filename($type, $name));
}

313 314 315 316 317 318 319 320 321 322 323 324
/**
 * Gets the page cache cid for this request.
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The request for this page.
 *
 * @return string
 *   The cid for this request.
 */
function drupal_page_cache_get_cid(Request $request) {
  $cid_parts = array(
    $request->getUri(),
325
    \Drupal::service('content_negotiation')->getContentType($request),
326
  );
327
  return implode(':', $cid_parts);
328 329
}

330
/**
331
 * Retrieves the current page from the cache.
332
 *
333 334
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The request for this page.
335
 *
336 337
 * @return \Symfony\Component\HttpFoundation\Response
 *   The response, if the page was found in the cache, NULL otherwise.
338
 */
339
function drupal_page_get_cache(Request $request) {
340 341 342
  $cache = \Drupal::cache('render')->get(drupal_page_cache_get_cid($request));
  if ($cache) {
    return $cache->data;
343
  }
344 345
}

346
/**
347
 * Sets an HTTP response header for the current page.
348 349 350 351 352
 *
 * Note: When sending a Content-Type header, always include a 'charset' type,
 * too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
 *
 * @param $name
353
 *   The HTTP header name, or the special 'Status' header name.
354
 * @param $value
355 356 357
 *   The HTTP header value; if equal to FALSE, the specified header is unset.
 *   If $name is 'Status', this is expected to be a status code followed by a
 *   reason phrase, e.g. "404 Not Found".
358 359
 * @param $append
 *   Whether to append the value to an existing header or to replace it.
360
 *
361 362 363
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Symfony\Component\HttpFoundation\Response->headers->set().
 *   See https://drupal.org/node/2181523.
364
 */
365
function _drupal_add_http_header($name, $value, $append = FALSE) {
366
  // The headers as name/value pairs.
367
  $headers = &drupal_static('drupal_http_headers', array());
368

369
  $name_lower = strtolower($name);
370
  _drupal_set_preferred_header_name($name);
371

372
  if ($value === FALSE) {
373
    $headers[$name_lower] = FALSE;
374
  }
375
  elseif (isset($headers[$name_lower]) && $append) {
376 377
    // Multiple headers with identical names may be combined using comma (RFC
    // 2616, section 4.2).
378
    $headers[$name_lower] .= ',' . $value;
379 380
  }
  else {
381
    $headers[$name_lower] = $value;
382 383 384 385
  }
}

/**
386
 * Gets the HTTP response headers for the current page.
387 388 389 390
 *
 * @param $name
 *   An HTTP header name. If omitted, all headers are returned as name/value
 *   pairs. If an array value is FALSE, the header has been unset.
391
 *
392 393 394
 * @return
 *   A string containing the header value, or FALSE if the header has been set,
 *   or NULL if the header has not been set.
395
 *
396 397 398
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Symfony\Component\HttpFoundation\Response->headers->get().
 *   See https://drupal.org/node/2181523.
399
 */
400
function drupal_get_http_header($name = NULL) {
401
  $headers = &drupal_static('drupal_http_headers', array());
402 403 404 405 406 407 408 409 410 411
  if (isset($name)) {
    $name = strtolower($name);
    return isset($headers[$name]) ? $headers[$name] : NULL;
  }
  else {
    return $headers;
  }
}

/**
412 413
 * Sets the preferred name for the HTTP header.
 *
414
 * Header names are case-insensitive, but for maximum compatibility they should
415 416
 * follow "common form" (see RFC 2616, section 4.2).
 *
417 418
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   See https://drupal.org/node/2181523.
419 420 421 422 423 424 425 426 427 428
 */
function _drupal_set_preferred_header_name($name = NULL) {
  static $header_names = array();

  if (!isset($name)) {
    return $header_names;
  }
  $header_names[strtolower($name)] = $name;
}

429
/**
430
 * Sets HTTP headers in preparation for a cached page response.
431
 *
432 433
 * The headers allow as much as possible in proxies and browsers without any
 * particular knowledge about the pages. Modules can override these headers
434
 * using _drupal_add_http_header().
435
 *
436 437 438 439
 * If the request is conditional (using If-Modified-Since and If-None-Match),
 * and the conditions match those currently in the cache, a 304 Not Modified
 * response is sent.
 */
440 441 442 443 444 445 446 447 448 449 450
function drupal_serve_page_from_cache(Response $response, Request $request) {
  // Only allow caching in the browser and prevent that the response is stored
  // by an external proxy server when the following conditions apply:
  // 1. There is a session cookie on the request.
  // 2. The Vary: Cookie header is on the response.
  // 3. The Cache-Control header does not contain the no-cache directive.
  if ($request->cookies->has(session_name()) &&
    in_array('Cookie', $response->getVary()) &&
    !$response->headers->hasCacheControlDirective('no-cache')) {

    $response->setPrivate();
451 452
  }

453 454 455 456
  // Negotiate whether to use compression.
  if ($response->headers->get('Content-Encoding') == 'gzip' && extension_loaded('zlib')) {
    if (strpos($request->headers->get('Accept-Encoding'), 'gzip') !== FALSE) {
      // The response content is already gzip'ed, so make sure
457
      // zlib.output_compression does not compress it once more.
458
      ini_set('zlib.output_compression', '0');
459 460
    }
    else {
461 462 463 464 465 466
      // The client does not support compression. Decompress the content and
      // remove the Content-Encoding header.
      $content = $response->getContent();
      $content = gzinflate(substr(substr($content, 10), 0, -8));
      $response->setContent($content);
      $response->headers->remove('Content-Encoding');
467
    }
468 469
  }

470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492
  // Perform HTTP revalidation.
  // @todo Use Response::isNotModified() as per https://drupal.org/node/2259489
  $last_modified = $response->getLastModified();
  if ($last_modified) {
    // See if the client has provided the required HTTP headers.
    $if_modified_since = $request->server->has('HTTP_IF_MODIFIED_SINCE') ? strtotime($request->server->get('HTTP_IF_MODIFIED_SINCE')) : FALSE;
    $if_none_match = $request->server->has('HTTP_IF_NONE_MATCH') ? stripslashes($request->server->get('HTTP_IF_NONE_MATCH')) : FALSE;

    if ($if_modified_since && $if_none_match
      && $if_none_match == $response->getEtag() // etag must match
      && $if_modified_since == $last_modified->getTimestamp()) {  // if-modified-since must match
      $response->setStatusCode(304);
      $response->setContent(NULL);

      // In the case of a 304 response, certain headers must be sent, and the
      // remaining may not (see RFC 2616, section 10.3.5).
      foreach (array_keys($response->headers->all()) as $name) {
        if (!in_array($name, array('content-location', 'expires', 'cache-control', 'vary'))) {
          $response->headers->remove($name);
        }
      }
    }
  }
493 494
}

495
/**
496
 * Translates a string to the current language or to a given language.
497
 *
498 499 500
 * The t() function serves two purposes. First, at run-time it translates
 * user-visible text into the appropriate language. Second, various mechanisms
 * that figure out what text needs to be translated work off t() -- the text
501 502 503 504 505
 * inside t() calls is added to the database of strings to be translated.
 * These strings are expected to be in English, so the first argument should
 * always be in English. To enable a fully-translatable site, it is important
 * that all human-readable text that will be displayed on the site or sent to
 * a user is passed through the t() function, or a related function. See the
506 507 508 509
 * @link http://drupal.org/node/322729 Localization API @endlink pages for
 * more information, including recommendations on how to break up or not
 * break up strings for translation.
 *
510
 * @section sec_translating_vars Translating Variables
511 512 513 514 515 516 517 518 519
 * You should never use t() to translate variables, such as calling
 * @code t($text); @endcode, unless the text that the variable holds has been
 * passed through t() elsewhere (e.g., $text is one of several translated
 * literal strings in an array). It is especially important never to call
 * @code t($user_text); @endcode, where $user_text is some text that a user
 * entered - doing that can lead to cross-site scripting and other security
 * problems. However, you can use variable substitution in your string, to put
 * variable text such as user names or link URLs into translated text. Variable
 * substitution looks like this:
520
 * @code
521
 * $text = t("@name's blog", array('@name' => user_format_name($account)));
522
 * @endcode
523
 * Basically, you can put variables like @name into your string, and t() will
524 525
 * substitute their sanitized values at translation time. (See the
 * Localization API pages referenced above and the documentation of
526 527 528
 * format_string() for details about how to define variables in your string.)
 * Translators can then rearrange the string as necessary for the language
 * (e.g., in Spanish, it might be "blog de @name").
529 530 531 532
 *
 * @param $string
 *   A string containing the English string to translate.
 * @param $args
533 534 535
 *   An associative array of replacements to make after translation. Based
 *   on the first character of the key, the value is escaped and/or themed.
 *   See format_string() for details.
536
 * @param $options
537 538 539 540 541
 *   An associative array of additional options, with the following elements:
 *   - 'langcode' (defaults to the current language): The language code to
 *     translate to a language other than what is used to display the page.
 *   - 'context' (defaults to the empty context): The context the source string
 *     belongs to.
542
 *
543 544
 * @return
 *   The translated string.
545
 *
546
 * @see format_string()
547
 * @ingroup sanitization
548 549
 */
function t($string, array $args = array(), array $options = array()) {
550
  return \Drupal::translation()->translate($string, $args, $options);
551 552 553
}

/**
554 555
 * Formats a string for HTML display by replacing variable placeholders.
 *
556
 * @see \Drupal\Component\Utility\String::format()
557 558 559 560
 * @see t()
 * @ingroup sanitization
 */
function format_string($string, array $args = array()) {
561
  return String::format($string, $args);
562 563
}

Gábor Hojtsy's avatar
Gábor Hojtsy committed
564 565 566 567 568 569 570 571 572 573 574 575 576 577 578
/**
 * Checks whether a string is valid UTF-8.
 *
 * All functions designed to filter input should use drupal_validate_utf8
 * to ensure they operate on valid UTF-8 strings to prevent bypass of the
 * filter.
 *
 * When text containing an invalid UTF-8 lead byte (0xC0 - 0xFF) is presented
 * as UTF-8 to Internet Explorer 6, the program may misinterpret subsequent
 * bytes. When these subsequent bytes are HTML control characters such as
 * quotes or angle brackets, parts of the text that were deemed safe by filters
 * end up in locations that are potentially unsafe; An onerror attribute that
 * is outside of a tag, and thus deemed safe by a filter, can be interpreted
 * by the browser as if it were inside the tag.
 *
579 580
 * The function does not return FALSE for strings containing character codes
 * above U+10FFFF, even though these are prohibited by RFC 3629.
Gábor Hojtsy's avatar
Gábor Hojtsy committed
581 582 583
 *
 * @param $text
 *   The text to check.
584
 *
Gábor Hojtsy's avatar
Gábor Hojtsy committed
585 586
 * @return
 *   TRUE if the text is valid UTF-8, FALSE if not.
587 588
 *
 * @see \Drupal\Component\Utility\Unicode::validateUtf8()
Gábor Hojtsy's avatar
Gábor Hojtsy committed
589 590
 */
function drupal_validate_utf8($text) {
591
  return Unicode::validateUtf8($text);
Dries's avatar
Dries committed
592 593
}

594
/**
595 596 597 598
 * Returns the equivalent of Apache's $_SERVER['REQUEST_URI'] variable.
 *
 * Because $_SERVER['REQUEST_URI'] is only available on Apache, we generate an
 * equivalent using other environment variables.
599 600
 *
 * @todo The above comment is incorrect: http://drupal.org/node/1547294.
601
 */
602
function request_uri($omit_query_string = FALSE) {
603 604 605 606
  if (isset($_SERVER['REQUEST_URI'])) {
    $uri = $_SERVER['REQUEST_URI'];
  }
  else {
607
    if (isset($_SERVER['argv'][0])) {
608
      $uri = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['argv'][0];
609
    }
610
    elseif (isset($_SERVER['QUERY_STRING'])) {
611
      $uri = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
612
    }
613 614 615
    else {
      $uri = $_SERVER['SCRIPT_NAME'];
    }
616
  }
617 618
  // Prevent multiple slashes to avoid cross site requests via the Form API.
  $uri = '/' . ltrim($uri, '/');
619

620
  return $omit_query_string ? strtok($uri, '?') : $uri;
621
}
Dries's avatar
Dries committed
622

623
/**
624
 * Logs an exception.
625
 *
626
 * This is a wrapper logging function which automatically decodes an exception.
627 628 629 630 631 632 633
 *
 * @param $type
 *   The category to which this message belongs.
 * @param $exception
 *   The exception that is going to be logged.
 * @param $message
 *   The message to store in the log. If empty, a text that contains all useful
634
 *   information about the passed-in exception is used.
635
 * @param $variables
636 637 638
 *   Array of variables to replace in the message on display or
 *   NULL if message is already translated or not possible to
 *   translate.
639 640 641 642 643
 * @param $severity
 *   The severity of the message, as per RFC 3164.
 * @param $link
 *   A link to associate with the message.
 *
644
 * @see \Drupal\Core\Utility\Error::decodeException()
645
 */
646
function watchdog_exception($type, Exception $exception, $message = NULL, $variables = array(), $severity = RfcLogLevel::ERROR, $link = NULL) {
647

648 649 650 651 652 653 654 655 656 657 658 659 660 661 662
  // Use a default value if $message is not set.
  if (empty($message)) {
    // The exception message is run through
    // \Drupal\Component\Utility\String::checkPlain() by
    // \Drupal\Core\Utility\Error:decodeException().
    $message = '%type: !message in %function (line %line of %file).';
  }

  if ($link) {
    $variables['link'] = $link;
  }

  $variables += Error::decodeException($exception);

  \Drupal::logger($type)->log($severity, $message, $variables);
663 664
}

665
/**
666
 * Sets a message to display to the user.
667
 *
668 669
 * Messages are stored in a session variable and displayed in the page template
 * via the $messages theme variable.
670
 *
671 672 673 674 675 676 677 678 679 680 681 682
 * Example usage:
 * @code
 * drupal_set_message(t('An error occurred and processing did not complete.'), 'error');
 * @endcode
 *
 * @param string $message
 *   (optional) The translated message to be displayed to the user. For
 *   consistency with other messages, it should begin with a capital letter and
 *   end with a period.
 * @param string $type
 *   (optional) The message's type. Defaults to 'status'. These values are
 *   supported:
683
 *   - 'status'
684
 *   - 'warning'
685
 *   - 'error'
686 687
 * @param bool $repeat
 *   (optional) If this is FALSE and the message is already set, then the
688
 *   message won't be repeated. Defaults to FALSE.
689 690 691
 *
 * @return array|null
 *   A multidimensional array with keys corresponding to the set message types.
692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712
 *   The indexed array values of each contain the set messages for that type,
 *   and each message is an associative array with the following format:
 *   - safe: Boolean indicating whether the message string has been marked as
 *     safe. Non-safe strings will be escaped automatically.
 *   - message: The message string.
 *   So, the following is an example of the full return array structure:
 *   @code
 *     array(
 *       'status' => array(
 *         array(
 *           'safe' => TRUE,
 *           'message' => 'A <em>safe</em> markup string.',
 *         ),
 *         array(
 *           'safe' => FALSE,
 *           'message' => "$arbitrary_user_input to escape.",
 *         ),
 *       ),
 *     );
 *   @endcode
 *   If there are no messages set, the function returns NULL.
713 714
 *
 * @see drupal_get_messages()
715
 * @see status-messages.html.twig
716
 */
717
function drupal_set_message($message = NULL, $type = 'status', $repeat = FALSE) {
718
  if (isset($message)) {
719 720 721 722
    if (!isset($_SESSION['messages'][$type])) {
      $_SESSION['messages'][$type] = array();
    }

723 724 725 726 727 728
    $new = array(
      'safe' => SafeMarkup::isSafe($message),
      'message' => $message,
    );
    if ($repeat || !in_array($new, $_SESSION['messages'][$type])) {
      $_SESSION['messages'][$type][] = $new;
729
    }
730

731
    // Mark this page as being uncacheable.
732
    \Drupal::service('page_cache_kill_switch')->trigger();
733 734
  }

735
  // Messages not set when DB connection fails.
736
  return isset($_SESSION['messages']) ? $_SESSION['messages'] : NULL;
737 738
}

739
/**
740
 * Returns all messages that have been set with drupal_set_message().
741
 *
742 743 744 745 746 747 748 749 750 751 752
 * @param string $type
 *   (optional) Limit the messages returned by type. Defaults to NULL, meaning
 *   all types. These values are supported:
 *   - NULL
 *   - 'status'
 *   - 'warning'
 *   - 'error'
 * @param bool $clear_queue
 *   (optional) If this is TRUE, the queue will be cleared of messages of the
 *   type specified in the $type parameter. Otherwise the queue will be left
 *   intact. Defaults to TRUE.
753
 *
754
 * @return array
755 756 757 758
 *   An associative, nested array of messages grouped by message type, with
 *   the top-level keys as the message type. The messages returned are
 *   limited to the type specified in the $type parameter, if any. If there
 *   are no messages of the specified type, an empty array is returned. See
759
 *   drupal_set_message() for the array structure of individual messages.
760 761
 *
 * @see drupal_set_message()
762
 * @see status-messages.html.twig
763
 */
764
function drupal_get_messages($type = NULL, $clear_queue = TRUE) {
765
  if ($messages = drupal_set_message()) {
766 767 768 769 770 771 772 773
    foreach ($messages as $message_type => $message_typed_messages) {
      foreach ($message_typed_messages as $key => $message) {
        if ($message['safe']) {
          $message['message'] = SafeMarkup::set($message['message']);
        }
        $messages[$message_type][$key] = $message['message'];
      }
    }
774
    if ($type) {
775
      if ($clear_queue) {
776
        unset($_SESSION['messages'][$type]);
777
      }
778 779 780
      if (isset($messages[$type])) {
        return array($type => $messages[$type]);
      }
781 782
    }
    else {
783
      if ($clear_queue) {
784
        unset($_SESSION['messages']);
785
      }
786 787
      return $messages;
    }
788
  }
789
  return array();
790 791
}

792
/**
793 794 795 796 797 798 799 800
 * Ensures Drupal is bootstrapped to the specified phase.
 *
 * In order to bootstrap Drupal from another PHP script, you can use this code:
 * @code
 *   require_once '/path/to/drupal/core/vendor/autoload.php';
 *   require_once '/path/to/drupal/core/includes/bootstrap.inc';
 *   drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
 * @endcode
801 802
 *
 * @param $phase
803
 *   A constant telling which phase to bootstrap to. Possible values:
804
 *   - DRUPAL_BOOTSTRAP_CONFIGURATION: Initializes configuration.
805
 *   - DRUPAL_BOOTSTRAP_KERNEL: Initializes a kernel.
806
 *
807
 * @return int
808
 *   The most recently completed phase.
809 810 811
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Interact directly with the kernel.
812
 */
813
function drupal_bootstrap($phase = NULL) {
814 815 816 817 818
  // Temporary variables used for booting later legacy phases.
  /** @var \Drupal\Core\DrupalKernel $kernel */
  static $kernel;
  static $boot_level = 0;

819
  if (isset($phase)) {
820 821
    $request = Request::createFromGlobals();
    for ($current_phase = $boot_level; $current_phase <= $phase; $current_phase++) {
822

823 824
      switch ($current_phase) {
        case DRUPAL_BOOTSTRAP_CONFIGURATION:
825 826
          $classloader = require __DIR__ . '/../vendor/autoload.php';
          $kernel = DrupalKernel::createFromRequest($request, $classloader, 'prod');
827 828
          break;

829
        case DRUPAL_BOOTSTRAP_KERNEL:
830
          $kernel->boot();
831 832
          break;

833
        case DRUPAL_BOOTSTRAP_PAGE_CACHE:
834
          $kernel->handlePageCache($request);
835 836
          break;

837
        case DRUPAL_BOOTSTRAP_CODE:
838
        case DRUPAL_BOOTSTRAP_FULL:
839
          $kernel->prepareLegacyRequest($request);
840 841
          break;
      }
842
    }
843
    $boot_level = $phase;
844 845
  }

846
  return \Drupal::getContainer() ? DRUPAL_BOOTSTRAP_CODE : DRUPAL_BOOTSTRAP_CONFIGURATION;
847 848
}

849
/**
850
 * Returns the time zone of the current user.
851 852 853
 */
function drupal_get_user_timezone() {
  global $user;
854
  $config = \Drupal::config('system.date');
855

856
  if ($user && $config->get('timezone.user.configurable') && $user->isAuthenticated() && $user->getTimezone()) {
857
    return $user->getTimezone();
858 859
  }
  else {
860 861
    // Ignore PHP strict notice if time zone has not yet been set in the php.ini
    // configuration.
862
    $config_data_default_timezone = $config->get('timezone.default');
863
    return !empty($config_data_default_timezone) ? $config_data_default_timezone : @date_default_timezone_get();
864 865 866
  }
}

867
/**
868
 * Provides custom PHP error handling.
869 870 871 872 873 874 875 876 877 878
 *
 * @param $error_level
 *   The level of the error raised.
 * @param $message
 *   The error message.
 * @param $filename
 *   The filename that the error was raised in.
 * @param $line
 *   The line number the error was raised at.
 * @param $context
879 880
 *   An array that points to the active symbol table at the point the error
 *   occurred.
881 882
 */
function _drupal_error_handler($error_level, $message, $filename, $line, $context) {
883
  require_once __DIR__ . '/errors.inc';
884 885 886 887
  _drupal_error_handler_real($error_level, $message, $filename, $line, $context);
}

/**
888
 * Provides custom PHP exception handling.
889 890 891 892 893 894 895 896 897
 *
 * Uncaught exceptions are those not enclosed in a try/catch block. They are
 * always fatal: the execution of the script will stop as soon as the exception
 * handler exits.
 *
 * @param $exception
 *   The exception object that was thrown.
 */
function _drupal_exception_handler($exception) {
898
  require_once __DIR__ . '/errors.inc';
899 900 901

  try {
    // Log the message to the watchdog and return an error page to the user.
902
    _drupal_log_error(Error::decodeException($exception), TRUE);
903 904 905 906
  }
  catch (Exception $exception2) {
    // Another uncaught exception was thrown while handling the first one.
    // If we are displaying errors, then do so with no possibility of a further uncaught exception being thrown.
907 908
    if (error_displayable()) {
      print '<h1>Additional uncaught exception thrown while handling exception.</h1>';
909 910
      print '<h2>Original</h2><p>' . Error::renderExceptionSafe($exception) . '</p>';
      print '<h2>Additional</h2><p>' . Error::renderExceptionSafe($exception2) . '</p><hr />';
911 912
    }
  }
913 914
}

915 916 917 918 919 920
/**
 * Returns the current bootstrap phase for this Drupal process.
 *
 * The current phase is the one most recently completed by drupal_bootstrap().
 *
 * @see drupal_bootstrap()
921 922
 *
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
923 924 925 926 927
 */
function drupal_get_bootstrap_phase() {
  return drupal_bootstrap();
}

928 929 930
/**
 * Returns the list of enabled modules.
 *
931 932
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal::moduleHandler()->getModuleList().
933 934 935 936
 *
 * @see \Drupal\Core\Extension\ModuleHandler::getModuleList()
 */
function module_list() {
937
  $modules = array_keys(\Drupal::moduleHandler()->getModuleList());
938 939 940 941 942 943
  return array_combine($modules, $modules);
}

/**
 * Determines which modules are implementing a hook.
 *
944 945
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal::moduleHandler()->getImplementations($hook).
946 947 948 949
 *
 * @see \Drupal\Core\Extension\ModuleHandler::getImplementations()
 */
function module_implements($hook) {
950
  return \Drupal::moduleHandler()->getImplementations($hook);
951 952
}

953 954 955
/**
 * Invokes a hook in a particular module.
 *
956 957
 * All arguments are passed by value. Use \Drupal::moduleHandler()->alter() if
 * you need to pass arguments by reference.
958
 *
959
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0. Use
960 961
 *   \Drupal::moduleHandler()->invoke($module, $hook, $args = array()).
 *
962
 * @see \Drupal\Core\Extension\ModuleHandler::alter()
963 964 965 966 967 968 969 970
 * @see \Drupal\Core\Extension\ModuleHandler::invoke()
 */
function module_invoke($module, $hook) {
  $args = func_get_args();
  // Remove $module and $hook from the arguments.
  unset($args[0], $args[1]);
  return \Drupal::moduleHandler()->invoke($module, $hook, $args);
}
971

972
/**
973
 * Returns the test prefix if this is an internal request from SimpleTest.
974
 *
975
 * @param string $new_prefix
976
 *   Internal use only. A new prefix to be stored.
977
 *
978
 * @return string|FALSE
979 980 981
 *   Either the simpletest prefix (the string "simpletest" followed by any
 *   number of digits) or FALSE if the user agent does not contain a valid
 *   HMAC and timestamp.
982
 */
983
function drupal_valid_test_ua($new_prefix = NULL) {
984 985
  static $test_prefix;

986 987 988
  if (isset($new_prefix)) {
    $test_prefix = $new_prefix;
  }
989 990 991
  if (isset($test_prefix)) {
    return $test_prefix;
  }
992 993 994
  // Unless the below User-Agent and HMAC validation succeeds, we are not in
  // a test environment.
  $test_prefix = FALSE;
995

996 997
  // Perform a basic check on the User-Agent HTTP request header first. Any
  // inbound request that uses the simpletest UA header needs to be validated.
998 999 1000
  if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);(.+);(.+);(.+)$/", $_SERVER['HTTP_USER_AGENT'], $matches)) {
    list(, $prefix, $time, $salt, $hmac) = $matches;
    $check_string =  $prefix . ';' . $time . ';' . $salt;
1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013
    // Read the hash salt prepared by drupal_generate_test_ua().
    // This function is called before settings.php is read and Drupal's error
    // handlers are set up. While Drupal's error handling may be properly
    // configured on production sites, the server's PHP error_reporting may not.
    // Ensure that no information leaks on production sites.
    $key_file = DRUPAL_ROOT . '/sites/simpletest/' . substr($prefix, 10) . '/.htkey';
    if (!is_readable($key_file)) {
      header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
      exit;
    }
    $private_key = file_get_contents($key_file);
    // The file properties add more entropy not easily accessible to others.
    $key = $private_key . filectime(__FILE__) . fileinode(__FILE__);
1014
    $time_diff = REQUEST_TIME - $time;
1015
    $test_hmac = Crypt::hmacBase64($check_string, $key);
1016 1017
    // Since we are making a local request a 5 second time window is allowed,
    // and the HMAC must match.
1018
    if ($time_diff >= 0 && $time_diff <= 5 && $hmac === $test_hmac) {
1019 1020 1021
      $test_prefix = $prefix;
    }
  }
1022
  return $test_prefix;
1023 1024 1025
}

/**
1026
 * Generates a user agent string with a HMAC and timestamp for simpletest.
1027 1028
 */
function drupal_generate_test_ua($prefix) {
1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048
  static $key, $last_prefix;

  if (!isset($key) || $last_prefix != $prefix) {
    $last_prefix = $prefix;
    $key_file = DRUPAL_ROOT . '/sites/simpletest/' . substr($prefix, 10) . '/.htkey';
    // When issuing an outbound HTTP client request from within an inbound test
    // request, then the outbound request has to use the same User-Agent header
    // as the inbound request. A newly generated private key for the same test
    // prefix would invalidate all subsequent inbound requests.
    // @see \Drupal\Core\Http\Plugin\SimpletestHttpRequestSubscriber
    if (DRUPAL_TEST_IN_CHILD_SITE && $parent_prefix = drupal_valid_test_ua()) {
      if ($parent_prefix != $prefix) {
        throw new \RuntimeException("Malformed User-Agent: Expected '$parent_prefix' but got '$prefix'.");
      }
      // If the file is not readable, a PHP warning is expected in this case.
      $private_key = file_get_contents($key_file);
    }
    else {
      // Generate and save a new hash salt for a test run.
      // Consumed by drupal_valid_test_ua() before settings.php is loaded.
1049
      $private_key = Crypt::randomBytesBase64(55);
1050 1051 1052 1053
      file_put_contents($key_file, $private_key);
    }
    // The file properties add more entropy not easily accessible to others.
    $key = $private_key . filectime(__FILE__) . fileinode(__FILE__);
1054
  }
1055 1056 1057
  // Generate a moderately secure HMAC based on the database credentials.
  $salt = uniqid('', TRUE);
  $check_string = $prefix . ';' . time() . ';' . $salt;
1058
  return $check_string . ';' . Crypt::hmacBase64($check_string, $key);
1059 1060
}

1061
/**
1062 1063 1064
 * Enables use of the theme system without requiring database access.
 *
 * Loads and initializes the theme system for site installs, updates and when
1065
 * the site is in maintenance mode. This also applies when the database fails.
1066 1067
 *
 * @see _drupal_maintenance_theme()