bootstrap.inc 80 KB
Newer Older
1
<?php
2
3
4
5
/**
 * @file
 * Functions that need to be loaded on every Drupal request.
 */
Dries's avatar
 
Dries committed
6

7
use Drupal\Component\Utility\Crypt;
8
use Drupal\Component\Utility\NestedArray;
9
use Drupal\Component\Utility\String;
10
use Drupal\Component\Utility\Timer;
11
use Drupal\Component\Utility\Unicode;
12
use Drupal\Component\Utility\UrlHelper;
13
use Drupal\Core\DrupalKernel;
14
use Drupal\Core\Database\Database;
15
use Drupal\Core\DependencyInjection\ContainerBuilder;
16
use Drupal\Core\Extension\ExtensionDiscovery;
17
use Drupal\Core\Site\Settings;
18
use Drupal\Core\Utility\Title;
19
use Drupal\Core\Utility\Error;
20
use Symfony\Component\ClassLoader\ApcClassLoader;
21
use Symfony\Component\DependencyInjection\ContainerInterface;
22
use Symfony\Component\DependencyInjection\Container;
katbailey's avatar
katbailey committed
23
use Symfony\Component\DependencyInjection\Reference;
24
use Symfony\Component\DependencyInjection\Exception\RuntimeException as DependencyInjectionRuntimeException;
25
use Symfony\Component\HttpFoundation\Request;
26
use Symfony\Component\HttpFoundation\Response;
27
use Drupal\Core\Language\Language;
28
29
use Drupal\Core\Lock\DatabaseLockBackend;
use Drupal\Core\Lock\LockBackendInterface;
30
use Drupal\Core\Session\AnonymousUserSession;
31

32
33
34
/**
 * Minimum supported version of PHP.
 */
35
const DRUPAL_MINIMUM_PHP = '5.4.2';
36
37
38
39

/**
 * Minimum recommended value of PHP memory_limit.
 */
40
const DRUPAL_MINIMUM_PHP_MEMORY_LIMIT = '32M';
41

42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
/**
 * Error reporting level: display no errors.
 */
const ERROR_REPORTING_HIDE = 'hide';

/**
 * Error reporting level: display errors and warnings.
 */
const ERROR_REPORTING_DISPLAY_SOME = 'some';

/**
 * Error reporting level: display all messages.
 */
const ERROR_REPORTING_DISPLAY_ALL = 'all';

/**
 * Error reporting level: display all messages, plus backtrace information.
 */
const ERROR_REPORTING_DISPLAY_VERBOSE = 'verbose';

62
63
64
65
66
67
/**
 * @defgroup logging_severity_levels Logging severity levels
 * @{
 * Logging severity levels as defined in RFC 3164.
 *
 * The WATCHDOG_* constant definitions correspond to the logging severity levels
68
 * defined in RFC 3164, section 4.1.1. PHP supplies predefined LOG_* constants
69
 * for use in the syslog() function, but their values on Windows builds do not
70
 * correspond to RFC 3164. The associated PHP bug report was closed with the
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 * comment, "And it's also not a bug, as Windows just have less log levels,"
 * and "So the behavior you're seeing is perfectly normal."
 *
 * @see http://www.faqs.org/rfcs/rfc3164.html
 * @see http://bugs.php.net/bug.php?id=18090
 * @see http://php.net/manual/function.syslog.php
 * @see http://php.net/manual/network.constants.php
 * @see watchdog()
 * @see watchdog_severity_levels()
 */

/**
 * Log message severity -- Emergency: system is unusable.
 */
85
const WATCHDOG_EMERGENCY = 0;
86
87
88
89

/**
 * Log message severity -- Alert: action must be taken immediately.
 */
90
const WATCHDOG_ALERT = 1;
91
92

/**
93
 * Log message severity -- Critical conditions.
94
 */
95
const WATCHDOG_CRITICAL = 2;
96
97

/**
98
 * Log message severity -- Error conditions.
99
 */
100
const WATCHDOG_ERROR = 3;
101
102

/**
103
 * Log message severity -- Warning conditions.
104
 */
105
const WATCHDOG_WARNING = 4;
106
107

/**
108
 * Log message severity -- Normal but significant conditions.
109
 */
110
const WATCHDOG_NOTICE = 5;
111
112

/**
113
 * Log message severity -- Informational messages.
114
 */
115
const WATCHDOG_INFO = 6;
116
117

/**
118
 * Log message severity -- Debug-level messages.
119
 */
120
const WATCHDOG_DEBUG = 7;
121
122
123
124
125

/**
 * @} End of "defgroup logging_severity_levels".
 */

126
127
128
/**
 * First bootstrap phase: initialize configuration.
 */
129
const DRUPAL_BOOTSTRAP_CONFIGURATION = 0;
130
131

/**
132
 * Second bootstrap phase, initalize a kernel.
133
 */
134
const DRUPAL_BOOTSTRAP_KERNEL = 1;
135
136

/**
137
 * Third bootstrap phase: try to serve a cached page.
138
 */
139
const DRUPAL_BOOTSTRAP_PAGE_CACHE = 2;
140
141

/**
142
 * Fourth bootstrap phase: load code for subsystems and modules.
143
 */
144
const DRUPAL_BOOTSTRAP_CODE = 3;
145
146

/**
147
 * Final bootstrap phase: initialize language, path, theme, and modules.
148
 */
149
const DRUPAL_BOOTSTRAP_FULL = 4;
150

151
152
153
/**
 * Role ID for anonymous users; should match what's in the "role" table.
 */
154
const DRUPAL_ANONYMOUS_RID = 'anonymous';
155
156
157
158

/**
 * Role ID for authenticated users; should match what's in the "role" table.
 */
159
const DRUPAL_AUTHENTICATED_RID = 'authenticated';
160

161
/**
162
163
164
 * The number of bytes in a kilobyte.
 *
 * For more information, visit http://en.wikipedia.org/wiki/Kilobyte.
165
 */
166
const DRUPAL_KILOBYTE = 1024;
167

168
169
170
171
172
/**
 * The maximum number of characters in a module or theme name.
 */
const DRUPAL_EXTENSION_NAME_MAX_LENGTH = 50;

173
/**
174
 * Time of the current request in seconds elapsed since the Unix Epoch.
175
 *
176
177
178
179
180
181
 * This differs from $_SERVER['REQUEST_TIME'], which is stored as a float
 * since PHP 5.4.0. Float timestamps confuse most PHP functions
 * (including date_create()).
 *
 * @see http://php.net/manual/reserved.variables.server.php
 * @see http://php.net/manual/function.time.php
182
 */
183
define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']);
184

185
186
187
/**
 * Regular expression to match PHP function names.
 *
188
 * @see http://php.net/manual/language.functions.php
189
 */
190
const DRUPAL_PHP_FUNCTION_PATTERN = '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*';
191

192
193
194
/**
 * $config_directories key for active directory.
 *
195
 * @see config_get_config_directory()
196
197
198
199
200
201
 */
const CONFIG_ACTIVE_DIRECTORY = 'active';

/**
 * $config_directories key for staging directory.
 *
202
 * @see config_get_config_directory()
203
204
205
 */
const CONFIG_STAGING_DIRECTORY = 'staging';

206
207
208
209
210
211
212
/**
 * Defines the root directory of the Drupal installation.
 *
 * This strips two levels of directories off the current directory.
 */
define('DRUPAL_ROOT', dirname(dirname(__DIR__)));

Dries's avatar
   
Dries committed
213
/**
214
 * Returns the appropriate configuration directory.
Dries's avatar
   
Dries committed
215
 *
216
217
218
219
 * Returns the configuration path based on the site's hostname, port, and
 * pathname. Uses find_conf_path() to find the current configuration directory.
 * See default.settings.php for examples on how the URL is converted to a
 * directory.
220
 *
221
 * @param bool $require_settings
222
223
224
225
 *   Only configuration directories with an existing settings.php file
 *   will be recognized. Defaults to TRUE. During initial installation,
 *   this is set to FALSE so that Drupal can detect a matching directory,
 *   then create a new settings.php file in it.
226
 * @param bool $reset
227
 *   Force a full search for matching directories even if one had been
228
229
 *   found previously. Defaults to FALSE.
 *
230
231
 * @return
 *   The path of the matching directory.
232
233
 *
 * @see default.settings.php
Dries's avatar
   
Dries committed
234
 */
235
function conf_path($require_settings = TRUE, $reset = FALSE) {
236
  static $conf_path;
Dries's avatar
 
Dries committed
237

238
  if (isset($conf_path) && !$reset) {
239
    return $conf_path;
Dries's avatar
Dries committed
240
  }
Dries's avatar
 
Dries committed
241

242
  // Check for a simpletest override.
243
244
  if ($test_prefix = drupal_valid_test_ua()) {
    $conf_path = 'sites/simpletest/' . substr($test_prefix, 10);
245
    return $conf_path;
246
247
248
  }

  // Otherwise, use the normal $conf_path.
249
250
251
252
253
  $script_name = $_SERVER['SCRIPT_NAME'];
  if (!$script_name) {
    $script_name = $_SERVER['SCRIPT_FILENAME'];
  }
  $http_host = $_SERVER['HTTP_HOST'];
254
255
  $conf_path = find_conf_path($http_host, $script_name, $require_settings);
  return $conf_path;
256
257
258
259
260
}

/**
 * Finds the appropriate configuration directory for a given host and path.
 *
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
 * Finds a matching configuration directory file by stripping the website's
 * hostname from left to right and pathname from right to left. By default,
 * the directory must contain a 'settings.php' file for it to match. If the
 * parameter $require_settings is set to FALSE, then a directory without a
 * 'settings.php' file will match as well. The first configuration
 * file found will be used and the remaining ones will be ignored. If no
 * configuration file is found, returns a default value '$confdir/default'. See
 * default.settings.php for examples on how the URL is converted to a directory.
 *
 * If a file named sites.php is present in the $confdir, it will be loaded
 * prior to scanning for directories. That file can define aliases in an
 * associative array named $sites. The array is written in the format
 * '<port>.<domain>.<path>' => 'directory'. As an example, to create a
 * directory alias for http://www.drupal.org:8080/mysite/test whose configuration
 * file is in sites/example.com, the array should be defined as:
 * @code
 * $sites = array(
 *   '8080.www.drupal.org.mysite.test' => 'example.com',
 * );
 * @endcode
 *
282
283
284
285
 * @param $http_host
 *   The hostname and optional port number, e.g. "www.example.com" or
 *   "www.example.com:8080".
 * @param $script_name
286
 *   The part of the URL following the hostname, including the leading slash.
287
288
289
 * @param $require_settings
 *   Defaults to TRUE. If TRUE, then only match directories with a
 *   'settings.php' file. Otherwise match any directory.
290
291
292
293
 *
 * @return
 *   The path of the matching configuration directory.
 *
294
295
 * @see default.settings.php
 * @see example.sites.php
296
297
298
 * @see conf_path()
 */
function find_conf_path($http_host, $script_name, $require_settings = TRUE) {
299
300
301
302
  // Determine whether multi-site functionality is enabled.
  if (!file_exists(DRUPAL_ROOT . '/sites/sites.php')) {
    return 'sites/default';
  }
303
304

  $sites = array();
305
  include DRUPAL_ROOT . '/sites/sites.php';
306

307
308
  $uri = explode('/', $script_name);
  $server = explode('.', implode('.', array_reverse(explode(':', rtrim($http_host, '.')))));
Dries's avatar
Dries committed
309
310
311
  for ($i = count($uri) - 1; $i > 0; $i--) {
    for ($j = count($server); $j > 0; $j--) {
      $dir = implode('.', array_slice($server, -$j)) . implode('.', array_slice($uri, 0, $i));
312
      if (isset($sites[$dir]) && file_exists(DRUPAL_ROOT . '/sites/' . $sites[$dir])) {
313
314
        $dir = $sites[$dir];
      }
315
316
      if (file_exists(DRUPAL_ROOT . '/sites/' . $dir . '/settings.php') || (!$require_settings && file_exists(DRUPAL_ROOT . '/sites/' . $dir))) {
        return "sites/$dir";
Dries's avatar
Dries committed
317
      }
Dries's avatar
 
Dries committed
318
319
    }
  }
320
  return 'sites/default';
Dries's avatar
 
Dries committed
321
322
}

323
/**
324
325
326
327
328
 * Returns the path of a configuration directory.
 *
 * @param string $type
 *   (optional) The type of config directory to return. Drupal core provides
 *   'active' and 'staging'. Defaults to CONFIG_ACTIVE_DIRECTORY.
329
330
331
332
 *
 * @return string
 *   The configuration directory path.
 */
333
334
function config_get_config_directory($type = CONFIG_ACTIVE_DIRECTORY) {
  global $config_directories;
335

336
  if (!empty($config_directories[$type])) {
337
    return $config_directories[$type];
338
  }
339
  throw new \Exception(format_string('The configuration directory type %type does not exist.', array('%type' => $type)));
340
341
}

342
/**
343
 * Initializes the PHP environment.
344
 */
345
function drupal_environment_initialize() {
346
347
348
  if (!isset($_SERVER['SERVER_PROTOCOL']) || ($_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.0' && $_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.1')) {
    $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.0';
  }
349

350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
  if (isset($_SERVER['HTTP_HOST'])) {
    // As HTTP_HOST is user input, ensure it only contains characters allowed
    // in hostnames. See RFC 952 (and RFC 2181).
    // $_SERVER['HTTP_HOST'] is lowercased here per specifications.
    $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
    if (!drupal_valid_http_host($_SERVER['HTTP_HOST'])) {
      // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
      header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
      exit;
    }
  }
  else {
    // Some pre-HTTP/1.1 clients will not send a Host header. Ensure the key is
    // defined for E_ALL compliance.
    $_SERVER['HTTP_HOST'] = '';
365
366
  }

367
368
  // @todo Refactor with the Symfony Request object.
  _current_path(request_path());
369

370
371
  // Enforce E_STRICT, but allow users to set levels not part of E_STRICT.
  error_reporting(E_STRICT | E_ALL | error_reporting());
372

373
374
375
  // Override PHP settings required for Drupal to work properly.
  // sites/default/default.settings.php contains more runtime settings.
  // The .htaccess file contains settings that cannot be changed at runtime.
376

377
378
  // Use session cookies, not transparent sessions that puts the session id in
  // the query string.
379
  ini_set('session.use_cookies', '1');
380
  ini_set('session.use_only_cookies', '1');
381
  ini_set('session.use_trans_sid', '0');
382
  // Don't send HTTP headers using PHP's session handler.
383
384
  // Send an empty string to disable the cache limiter.
  ini_set('session.cache_limiter', '');
385
386
  // Use httponly session cookies.
  ini_set('session.cookie_httponly', '1');
387
388
389
390

  // Set sane locale settings, to ensure consistent string, dates, times and
  // numbers handling.
  setlocale(LC_ALL, 'C');
391
392
}

393
/**
394
 * Validates that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
395
396
397
398
 *
 * @return
 *  TRUE if only containing valid characters, or FALSE otherwise.
 */
399
400
function drupal_valid_http_host($host) {
  return preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
401
402
}

403
/**
404
 * Sets the base URL, cookie domain, and session name from configuration.
405
 */
406
function drupal_settings_initialize() {
407
  // Export these settings.php variables to the global namespace.
408
409
  global $base_url, $cookie_domain, $config_directories, $config;
  $databases = array();
410
411
  $settings = array();
  $config = array();
Dries's avatar
Dries committed
412

413
414
  // Make conf_path() available as local variable in settings.php.
  $conf_path = conf_path();
415
  if (is_readable(DRUPAL_ROOT . '/' . $conf_path . '/settings.php')) {
416
    require DRUPAL_ROOT . '/' . $conf_path . '/settings.php';
417
  }
418
419
  // Initialize Database.
  Database::setMultipleConnectionInfo($databases);
420
421
  // Initialize Settings.
  new Settings($settings);
422
423
424
425
426
427
428
429
430
431
432
433
434
435
}

/**
 * Initializes global request variables.
 *
 * @todo D8: Eliminate this entirely in favor of Request object.
 */
function _drupal_request_initialize() {
  // Provided by settings.php.
  // @see drupal_settings_initialize()
  global $base_url, $cookie_domain;
  // Set and derived from $base_url by this function.
  global $base_path, $base_root, $script_path;
  global $base_secure_url, $base_insecure_url;
436

437
  $is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
438
439
440
441

  if (isset($base_url)) {
    // Parse fixed base URL from settings.php.
    $parts = parse_url($base_url);
442
443
444
    if (!isset($parts['path'])) {
      $parts['path'] = '';
    }
445
    $base_path = $parts['path'] . '/';
446
447
448
449
450
    // Build $base_root (everything until first slash after "scheme://").
    $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path']));
  }
  else {
    // Create base URL
451
    $http_protocol = $is_https ? 'https' : 'http';
452
    $base_root = $http_protocol . '://' . $_SERVER['HTTP_HOST'];
453

454
    $base_url = $base_root;
455

456
457
    // For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is
    // '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'.
458
    if ($dir = rtrim(dirname($_SERVER['SCRIPT_NAME']), '\/')) {
459
      // Remove "core" directory if present, allowing install.php, update.php,
460
      // and others to auto-detect a base path.
461
462
463
464
465
466
467
      $core_position = strrpos($dir, '/core');
      if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) {
        $base_path = substr($dir, 0, $core_position);
      }
      else {
        $base_path = $dir;
      }
468
469
470
471
472
473
474
      $base_url .= $base_path;
      $base_path .= '/';
    }
    else {
      $base_path = '/';
    }
  }
475
476
  $base_secure_url = str_replace('http://', 'https://', $base_url);
  $base_insecure_url = str_replace('https://', 'http://', $base_url);
477

478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
  // Determine the path of the script relative to the base path, and add a
  // trailing slash. This is needed for creating URLs to Drupal pages.
  if (!isset($script_path)) {
    $script_path = '';
    // We don't expect scripts outside of the base path, but sanity check
    // anyway.
    if (strpos($_SERVER['SCRIPT_NAME'], $base_path) === 0) {
      $script_path = substr($_SERVER['SCRIPT_NAME'], strlen($base_path)) . '/';
      // If the request URI does not contain the script name, then clean URLs
      // are in effect and the script path can be similarly dropped from URL
      // generation. For servers that don't provide $_SERVER['REQUEST_URI'], we
      // do not know the actual URI requested by the client, and request_uri()
      // returns a URI with the script name, resulting in non-clean URLs unless
      // there's other code that intervenes.
      if (strpos(request_uri(TRUE) . '/', $base_path . $script_path) !== 0) {
        $script_path = '';
      }
      // @todo Temporary BC for install.php, update.php, and other scripts.
      //   - http://drupal.org/node/1547184
      //   - http://drupal.org/node/1546082
      if ($script_path !== 'index.php/') {
        $script_path = '';
      }
    }
  }

504
505
506
507
508
  if ($cookie_domain) {
    // If the user specifies the cookie domain, also use it for session name.
    $session_name = $cookie_domain;
  }
  else {
509
    // Otherwise use $base_url as session name, without the protocol
510
    // to use the same session identifiers across HTTP and HTTPS.
511
    list( , $session_name) = explode('://', $base_url, 2);
512
513
    // HTTP_HOST can be modified by a visitor, but we already sanitized it
    // in drupal_settings_initialize().
514
    if (!empty($_SERVER['HTTP_HOST'])) {
515
      $cookie_domain = $_SERVER['HTTP_HOST'];
516
517
518
519
520
521
522
      // Strip leading periods, www., and port numbers from cookie domain.
      $cookie_domain = ltrim($cookie_domain, '.');
      if (strpos($cookie_domain, 'www.') === 0) {
        $cookie_domain = substr($cookie_domain, 4);
      }
      $cookie_domain = explode(':', $cookie_domain);
      $cookie_domain = '.' . $cookie_domain[0];
523
524
525
526
527
528
529
    }
  }
  // Per RFC 2109, cookie domains must contain at least one dot other than the
  // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
  if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
    ini_set('session.cookie_domain', $cookie_domain);
  }
530
531
532
533
534
535
536
537
538
539
  // To prevent session cookies from being hijacked, a user can configure the
  // SSL version of their website to only transfer session cookies via SSL by
  // using PHP's session.cookie_secure setting. The browser will then use two
  // separate session cookies for the HTTPS and HTTP versions of the site. So we
  // must use different session identifiers for HTTPS and HTTP to prevent a
  // cookie collision.
  if ($is_https) {
    ini_set('session.cookie_secure', TRUE);
  }
  $prefix = ini_get('session.cookie_secure') ? 'SSESS' : 'SESS';
540
  session_name($prefix . substr(hash('sha256', $session_name), 0, 32));
541
542
}

Dries's avatar
Dries committed
543
/**
544
545
546
547
 * Returns and optionally sets the filename for a system resource.
 *
 * The filename, whether provided, cached, or retrieved from the database, is
 * only returned if the file exists.
Dries's avatar
Dries committed
548
 *
Dries's avatar
Dries committed
549
550
 * This function plays a key role in allowing Drupal's resources (modules
 * and themes) to be located in different places depending on a site's
551
 * configuration. For example, a module 'foo' may legally be located
Dries's avatar
Dries committed
552
553
 * in any of these three places:
 *
554
555
556
 * core/modules/foo/foo.info.yml
 * modules/foo/foo.info.yml
 * sites/example.com/modules/foo/foo.info.yml
Dries's avatar
Dries committed
557
558
559
560
 *
 * Calling drupal_get_filename('module', 'foo') will give you one of
 * the above, depending on where the module is located.
 *
Dries's avatar
Dries committed
561
 * @param $type
562
563
 *   The type of the item; one of 'core', 'profile', 'module', 'theme', or
 *   'theme_engine'.
Dries's avatar
Dries committed
564
 * @param $name
565
566
 *   The name of the item for which the filename is requested. Ignored for
 *   $type 'core'.
Dries's avatar
Dries committed
567
568
569
570
571
 * @param $filename
 *   The filename of the item if it is to be set explicitly rather
 *   than by consulting the database.
 *
 * @return
572
 *   The filename of the requested item or NULL if the item is not found.
Dries's avatar
Dries committed
573
 */
Dries's avatar
Dries committed
574
function drupal_get_filename($type, $name, $filename = NULL) {
575
576
  // The location of files will not change during the request, so do not use
  // drupal_static().
577
  static $files = array();
Dries's avatar
Dries committed
578

579
580
581
582
583
584
585
586
  // Type 'core' only exists to simplify application-level logic; it always maps
  // to the /core directory, whereas $name is ignored. It is only requested via
  // drupal_get_path(). /core/core.info.yml does not exist, but is required
  // since drupal_get_path() returns the dirname() of the returned pathname.
  if ($type === 'core') {
    return 'core/core.info.yml';
  }

587
588
589
  // Profiles are converted into modules in system_rebuild_module_data().
  // @todo Remove false-exposure of profiles as modules.
  $original_type = $type;
590
  if ($type == 'profile') {
591
    $type = 'module';
592
  }
593
  if (!isset($files[$type])) {
Dries's avatar
Dries committed
594
595
596
    $files[$type] = array();
  }

597
  if (isset($filename)) {
Dries's avatar
Dries committed
598
599
    $files[$type][$name] = $filename;
  }
600
601
602
603
604
605
  elseif (!isset($files[$type][$name])) {
    // If the pathname of the requested extension is not known, try to retrieve
    // the list of extension pathnames from various providers, checking faster
    // providers first.
    // Retrieve the current module list (derived from the service container).
    if ($type == 'module' && \Drupal::hasService('module_handler')) {
606
607
608
      foreach (\Drupal::moduleHandler()->getModuleList() as $module_name => $module) {
        $files[$type][$module_name] = $module->getPathname();
      }
609
610
611
612
613
    }
    // If still unknown, retrieve the file list prepared in state by
    // system_rebuild_module_data() and system_rebuild_theme_data().
    if (!isset($files[$type][$name]) && \Drupal::hasService('state')) {
      $files[$type] += \Drupal::state()->get('system.' . $type . '.files', array());
614
    }
615
    // If still unknown, perform a filesystem scan.
616
    if (!isset($files[$type][$name])) {
617
618
619
620
      $listing = new ExtensionDiscovery();
      // Prevent an infinite recursion by this legacy function.
      if ($original_type == 'profile') {
        $listing->setProfileDirectories(array());
621
      }
622
      foreach ($listing->scan($original_type) as $extension_name => $file) {
623
        $files[$type][$extension_name] = $file->getPathname();
Dries's avatar
Dries committed
624
625
626
627
      }
    }
  }

628
629
630
  if (isset($files[$type][$name])) {
    return $files[$type][$name];
  }
Dries's avatar
Dries committed
631
632
}

633
634
635
636
637
638
639
640
641
642
643
644
/**
 * Gets the page cache cid for this request.
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The request for this page.
 *
 * @return string
 *   The cid for this request.
 */
function drupal_page_cache_get_cid(Request $request) {
  $cid_parts = array(
    $request->getUri(),
645
    \Drupal::service('content_negotiation')->getContentType($request),
646
647
648
649
  );
  return sha1(implode(':', $cid_parts));
}

Dries's avatar
   
Dries committed
650
/**
651
 * Retrieves the current page from the cache.
Dries's avatar
   
Dries committed
652
 *
653
654
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The request for this page.
655
 *
656
657
 * @return \Symfony\Component\HttpFoundation\Response
 *   The response, if the page was found in the cache, NULL otherwise.
Dries's avatar
   
Dries committed
658
 */
659
function drupal_page_get_cache(Request $request) {
660
661
662
  $cache = \Drupal::cache('render')->get(drupal_page_cache_get_cid($request));
  if ($cache) {
    return $cache->data;
663
  }
664
665
666
}

/**
667
 * Determines the cacheability of the current page.
668
 *
669
670
671
672
673
 * Note: we do not serve cached pages to authenticated users, or to anonymous
 * users when $_SESSION is non-empty. $_SESSION may contain status messages
 * from a form submission, the contents of a shopping cart, or other user-
 * specific content that should not be cached and displayed to other users.
 *
674
 * @param $allow_caching
675
676
 *   Set to FALSE if you want to prevent this page to get cached.
 *
677
 * @return
678
 *   TRUE if the current page can be cached, FALSE otherwise.
679
680
681
682
683
 */
function drupal_page_is_cacheable($allow_caching = NULL) {
  $allow_caching_static = &drupal_static(__FUNCTION__, TRUE);
  if (isset($allow_caching)) {
    $allow_caching_static = $allow_caching;
Dries's avatar
 
Dries committed
684
  }
685
686

  return $allow_caching_static && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD')
687
    && !drupal_is_cli();
Dries's avatar
 
Dries committed
688
689
}

690
/**
691
 * Sets an HTTP response header for the current page.
692
693
694
695
696
 *
 * Note: When sending a Content-Type header, always include a 'charset' type,
 * too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
 *
 * @param $name
697
 *   The HTTP header name, or the special 'Status' header name.
698
 * @param $value
699
700
701
 *   The HTTP header value; if equal to FALSE, the specified header is unset.
 *   If $name is 'Status', this is expected to be a status code followed by a
 *   reason phrase, e.g. "404 Not Found".
702
703
 * @param $append
 *   Whether to append the value to an existing header or to replace it.
704
 *
705
706
707
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Symfony\Component\HttpFoundation\Response->headers->set().
 *   See https://drupal.org/node/2181523.
708
 */
709
function drupal_add_http_header($name, $value, $append = FALSE) {
710
  // The headers as name/value pairs.
711
  $headers = &drupal_static('drupal_http_headers', array());
712

713
  $name_lower = strtolower($name);
714
  _drupal_set_preferred_header_name($name);
715

716
  if ($value === FALSE) {
717
    $headers[$name_lower] = FALSE;
718
  }
719
  elseif (isset($headers[$name_lower]) && $append) {
720
721
    // Multiple headers with identical names may be combined using comma (RFC
    // 2616, section 4.2).
722
    $headers[$name_lower] .= ',' . $value;
723
724
  }
  else {
725
    $headers[$name_lower] = $value;
726
727
728
729
  }
}

/**
730
 * Gets the HTTP response headers for the current page.
731
732
733
734
 *
 * @param $name
 *   An HTTP header name. If omitted, all headers are returned as name/value
 *   pairs. If an array value is FALSE, the header has been unset.
735
 *
736
737
738
 * @return
 *   A string containing the header value, or FALSE if the header has been set,
 *   or NULL if the header has not been set.
739
 *
740
741
742
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Symfony\Component\HttpFoundation\Response->headers->get().
 *   See https://drupal.org/node/2181523.
743
 */
744
function drupal_get_http_header($name = NULL) {
745
  $headers = &drupal_static('drupal_http_headers', array());
746
747
748
749
750
751
752
753
754
755
  if (isset($name)) {
    $name = strtolower($name);
    return isset($headers[$name]) ? $headers[$name] : NULL;
  }
  else {
    return $headers;
  }
}

/**
756
757
 * Sets the preferred name for the HTTP header.
 *
758
 * Header names are case-insensitive, but for maximum compatibility they should
759
760
 * follow "common form" (see RFC 2616, section 4.2).
 *
761
762
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   See https://drupal.org/node/2181523.
763
764
765
766
767
768
769
770
771
772
773
 */
function _drupal_set_preferred_header_name($name = NULL) {
  static $header_names = array();

  if (!isset($name)) {
    return $header_names;
  }
  $header_names[strtolower($name)] = $name;
}

/**
774
775
776
777
 * Sends the HTTP response headers that were previously set, adding defaults.
 *
 * Headers are set in drupal_add_http_header(). Default headers are not set
 * if they have been replaced or unset using drupal_add_http_header().
778
 *
779
780
781
782
783
 * @param array $default_headers
 *   (optional) An array of headers as name/value pairs.
 * @param bool $only_default
 *   (optional) If TRUE and headers have already been sent, send only the
 *   specified headers.
784
 *
785
786
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   See https://drupal.org/node/2181523.
787
788
789
 */
function drupal_send_headers($default_headers = array(), $only_default = FALSE) {
  $headers_sent = &drupal_static(__FUNCTION__, FALSE);
790
  $headers = drupal_get_http_header();
791
792
793
794
795
796
797
798
799
800
801
802
803
804
  if ($only_default && $headers_sent) {
    $headers = array();
  }
  $headers_sent = TRUE;

  $header_names = _drupal_set_preferred_header_name();
  foreach ($default_headers as $name => $value) {
    $name_lower = strtolower($name);
    if (!isset($headers[$name_lower])) {
      $headers[$name_lower] = $value;
      $header_names[$name_lower] = $name;
    }
  }
  foreach ($headers as $name_lower => $value) {
805
    if ($name_lower == 'status') {
806
807
808
      header($_SERVER['SERVER_PROTOCOL'] . ' ' . $value);
    }
    // Skip headers that have been unset.
809
    elseif ($value !== FALSE) {
810
811
812
813
814
      header($header_names[$name_lower] . ': ' . $value);
    }
  }
}

Dries's avatar
   
Dries committed
815
/**
816
 * Sets HTTP headers in preparation for a page response.
817
 *
818
819
820
821
 * Authenticated users are always given a 'no-cache' header, and will fetch a
 * fresh page on every request. This prevents authenticated users from seeing
 * locally cached pages.
 *
822
 * Also give each page a unique ETag. This should force clients to include both
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
 * an If-Modified-Since header and an If-None-Match header when doing
 * conditional requests for the page (required by RFC 2616, section 13.3.4),
 * making the validation more robust. This is a workaround for a bug in Mozilla
 * Firefox that is triggered when Drupal's caching is enabled and the user
 * accesses Drupal via an HTTP proxy (see
 * https://bugzilla.mozilla.org/show_bug.cgi?id=269303): When an authenticated
 * user requests a page, and then logs out and requests the same page again,
 * Firefox may send a conditional request based on the page that was cached
 * locally when the user was logged in. If this page did not have an ETag
 * header, the request only contains an If-Modified-Since header. The date will
 * be recent, because with authenticated users the Last-Modified header always
 * refers to the time of the request. If the user accesses Drupal via a proxy
 * server, and the proxy already has a cached copy of the anonymous page with an
 * older Last-Modified date, the proxy may respond with 304 Not Modified, making
 * the client think that the anonymous and authenticated pageviews are
 * identical.
839
 *
840
 * @see drupal_page_set_cache()
841
 *
842
843
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   See https://drupal.org/node/2181523.
Dries's avatar
   
Dries committed
844
 */
Dries's avatar
 
Dries committed
845
function drupal_page_header() {
846
847
848
849
850
851
852
853
854
855
856
857
858
  $headers_sent = &drupal_static(__FUNCTION__, FALSE);
  if ($headers_sent) {
    return TRUE;
  }
  $headers_sent = TRUE;

  $default_headers = array(
    'Expires' => 'Sun, 19 Nov 1978 05:00:00 GMT',
    'Last-Modified' => gmdate(DATE_RFC1123, REQUEST_TIME),
    'Cache-Control' => 'no-cache, must-revalidate, post-check=0, pre-check=0',
    'ETag' => '"' . REQUEST_TIME . '"',
  );
  drupal_send_headers($default_headers);
859
}
Dries's avatar
   
Dries committed
860

861
/**
862
 * Sets HTTP headers in preparation for a cached page response.
863
 *
864
865
 * The headers allow as much as possible in proxies and browsers without any
 * particular knowledge about the pages. Modules can override these headers
866
 * using drupal_add_http_header().
867
 *
868
869
870
871
 * If the request is conditional (using If-Modified-Since and If-None-Match),
 * and the conditions match those currently in the cache, a 304 Not Modified
 * response is sent.
 */
872
873
874
875
876
877
878
879
880
881
882
function drupal_serve_page_from_cache(Response $response, Request $request) {
  // Only allow caching in the browser and prevent that the response is stored
  // by an external proxy server when the following conditions apply:
  // 1. There is a session cookie on the request.
  // 2. The Vary: Cookie header is on the response.
  // 3. The Cache-Control header does not contain the no-cache directive.
  if ($request->cookies->has(session_name()) &&
    in_array('Cookie', $response->getVary()) &&
    !$response->headers->hasCacheControlDirective('no-cache')) {

    $response->setPrivate();
883
884
  }

885
886
887
888
  // Negotiate whether to use compression.
  if ($response->headers->get('Content-Encoding') == 'gzip' && extension_loaded('zlib')) {
    if (strpos($request->headers->get('Accept-Encoding'), 'gzip') !== FALSE) {
      // The response content is already gzip'ed, so make sure
889
      // zlib.output_compression does not compress it once more.
890
      ini_set('zlib.output_compression', '0');
891
892
    }
    else {
893
894
895
896
897
898
      // The client does not support compression. Decompress the content and
      // remove the Content-Encoding header.
      $content = $response->getContent();
      $content = gzinflate(substr(substr($content, 10), 0, -8));
      $response->setContent($content);
      $response->headers->remove('Content-Encoding');
899
    }
900
901
  }

902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
  // Perform HTTP revalidation.
  // @todo Use Response::isNotModified() as per https://drupal.org/node/2259489
  $last_modified = $response->getLastModified();
  if ($last_modified) {
    // See if the client has provided the required HTTP headers.
    $if_modified_since = $request->server->has('HTTP_IF_MODIFIED_SINCE') ? strtotime($request->server->get('HTTP_IF_MODIFIED_SINCE')) : FALSE;
    $if_none_match = $request->server->has('HTTP_IF_NONE_MATCH') ? stripslashes($request->server->get('HTTP_IF_NONE_MATCH')) : FALSE;

    if ($if_modified_since && $if_none_match
      && $if_none_match == $response->getEtag() // etag must match
      && $if_modified_since == $last_modified->getTimestamp()) {  // if-modified-since must match
      $response->setStatusCode(304);
      $response->setContent(NULL);

      // In the case of a 304 response, certain headers must be sent, and the
      // remaining may not (see RFC 2616, section 10.3.5).
      foreach (array_keys($response->headers->all()) as $name) {
        if (!in_array($name, array('content-location', 'expires', 'cache-control', 'vary'))) {
          $response->headers->remove($name);
        }
      }
    }
  }
Dries's avatar
 
Dries committed
925
926
}

927
/**
928
 * Translates a string to the current language or to a given language.
929
 *
930
931
932
 * The t() function serves two purposes. First, at run-time it translates
 * user-visible text into the appropriate language. Second, various mechanisms
 * that figure out what text needs to be translated work off t() -- the text
933
934
935
936
937
 * inside t() calls is added to the database of strings to be translated.
 * These strings are expected to be in English, so the first argument should
 * always be in English. To enable a fully-translatable site, it is important
 * that all human-readable text that will be displayed on the site or sent to
 * a user is passed through the t() function, or a related function. See the
938
939
940
941
 * @link http://drupal.org/node/322729 Localization API @endlink pages for
 * more information, including recommendations on how to break up or not
 * break up strings for translation.
 *
942
 * @section sec_translating_vars Translating Variables
943
944
945
946
947
948
949
950
951
 * You should never use t() to translate variables, such as calling
 * @code t($text); @endcode, unless the text that the variable holds has been
 * passed through t() elsewhere (e.g., $text is one of several translated
 * literal strings in an array). It is especially important never to call
 * @code t($user_text); @endcode, where $user_text is some text that a user
 * entered - doing that can lead to cross-site scripting and other security
 * problems. However, you can use variable substitution in your string, to put
 * variable text such as user names or link URLs into translated text. Variable
 * substitution looks like this:
952
 * @code
953
 * $text = t("@name's blog", array('@name' => user_format_name($account)));
954
 * @endcode
955
 * Basically, you can put variables like @name into your string, and t() will
956
957
 * substitute their sanitized values at translation time. (See the
 * Localization API pages referenced above and the documentation of
958
959
960
 * format_string() for details about how to define variables in your string.)
 * Translators can then rearrange the string as necessary for the language
 * (e.g., in Spanish, it might be "blog de @name").
961
962
963
964
 *
 * @param $string
 *   A string containing the English string to translate.
 * @param $args
965
966
967
 *   An associative array of replacements to make after translation. Based
 *   on the first character of the key, the value is escaped and/or themed.
 *   See format_string() for details.
968
 * @param $options
969
970
971
972
973
 *   An associative array of additional options, with the following elements:
 *   - 'langcode' (defaults to the current language): The language code to
 *     translate to a language other than what is used to display the page.
 *   - 'context' (defaults to the empty context): The context the source string
 *     belongs to.
974
 *
975
976
 * @return
 *   The translated string.
977
 *
978
 * @see format_string()
979
 * @ingroup sanitization
980
981
 */
function t($string, array $args = array(), array $options = array()) {
982
  return \Drupal::translation()->translate($string, $args, $options);
983
984
985
}

/**
986
987
 * Formats a string for HTML display by replacing variable placeholders.
 *
988
 * @see \Drupal\Component\Utility\String::format()
989
990
991
992
 * @see t()
 * @ingroup sanitization
 */
function format_string($string, array $args = array()) {
993
  return String::format($string, $args);
994
995
}

Dries's avatar
Dries committed
996
/**
997
 * Encodes special characters in a plain-text string for display as HTML.
Gábor Hojtsy's avatar
Gábor Hojtsy committed
998
 *
999
 * @see drupal_validate_utf8()
1000
 * @ingroup sanitization
1001
 *
1002
1003
 * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
 *   Use \Drupal\Component\Utility\String::checkPlain().
Dries's avatar
Dries committed
1004
1005
 */
function check_plain($text) {
1006
  return String::checkPlain($text);
Gábor Hojtsy's avatar
Gábor Hojtsy committed
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
}

/**
 * Checks whether a string is valid UTF-8.
 *
 * All functions designed to filter input should use drupal_validate_utf8
 * to ensure they operate on valid UTF-8 strings to prevent bypass of the
 * filter.
 *
 * When text containing an invalid UTF-8 lead byte (0xC0 - 0xFF) is presented
 * as UTF-8 to Internet Explorer 6, the program may misinterpret subsequent
 * bytes. When these subsequent bytes are HTML control characters such as
 * quotes or angle brackets, parts of the text that were deemed safe by filters
 * end up in locations that are potentially unsafe; An onerror attribute that
 * is outside of a tag, and thus deemed safe by a filter, can be interpreted
 * by the browser as if it were inside the tag.
 *
1024
1025
 * The function does not return FALSE for strings containing character codes
 * above U+10FFFF, even though these are prohibited by RFC 3629.
Gábor Hojtsy's avatar
Gábor Hojtsy committed
1026
1027