DrupalKernel.php 44.2 KB
Newer Older
1
2
3
4
5
6
7
8
9
<?php

/**
 * @file
 * Definition of Drupal\Core\DrupalKernel.
 */

namespace Drupal\Core;

10
use Drupal\Component\ProxyBuilder\ProxyDumper;
11
12
13
14
use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\Timer;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\UrlHelper;
15
use Drupal\Core\Config\BootstrapConfigStorageFactory;
16
use Drupal\Core\Config\NullStorage;
17
use Drupal\Core\Database\Database;
18
use Drupal\Core\DependencyInjection\ContainerBuilder;
19
use Drupal\Core\DependencyInjection\ServiceProviderInterface;
20
use Drupal\Core\DependencyInjection\YamlFileLoader;
21
use Drupal\Core\Extension\ExtensionDiscovery;
22
use Drupal\Core\File\MimeType\MimeTypeGuesser;
23
use Drupal\Core\Http\TrustedHostsRequestFactory;
24
use Drupal\Core\Language\Language;
25
use Drupal\Core\PageCache\RequestPolicyInterface;
26
use Drupal\Core\PhpStorage\PhpStorageFactory;
27
use Drupal\Core\ProxyBuilder\ProxyBuilder;
28
use Drupal\Core\Site\Settings;
29
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
30
use Symfony\Component\DependencyInjection\ContainerInterface;
31
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBag;
32
use Symfony\Component\DependencyInjection\Dumper\PhpDumper;
33
use Symfony\Component\HttpFoundation\RedirectResponse;
34
use Symfony\Component\HttpFoundation\Request;
35
use Symfony\Component\HttpFoundation\RequestStack;
36
use Symfony\Component\HttpFoundation\Response;
37
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
38
use Symfony\Component\HttpKernel\TerminableInterface;
39
use Composer\Autoload\ClassLoader;
40
use Symfony\Component\Routing\Route;
41
42
43

/**
 * The DrupalKernel class is the core of Drupal itself.
44
45
 *
 * This class is responsible for building the Dependency Injection Container and
46
47
48
49
50
51
52
53
 * also deals with the registration of service providers. It allows registered
 * service providers to add their services to the container. Core provides the
 * CoreServiceProvider, which, in addition to registering any core services that
 * cannot be registered in the core.services.yaml file, adds any compiler passes
 * needed by core, e.g. for processing tagged services. Each module can add its
 * own service provider, i.e. a class implementing
 * Drupal\Core\DependencyInjection\ServiceProvider, to register services to the
 * container, or modify existing services.
54
 */
55
56
class DrupalKernel implements DrupalKernelInterface, TerminableInterface {

57
  const CONTAINER_BASE_CLASS = '\Drupal\Core\DependencyInjection\Container';
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

  /**
   * Holds the container instance.
   *
   * @var \Symfony\Component\DependencyInjection\ContainerInterface
   */
  protected $container;

  /**
   * The environment, e.g. 'testing', 'install'.
   *
   * @var string
   */
  protected $environment;

  /**
   * Whether the kernel has been booted.
   *
   * @var bool
   */
78
  protected $booted = FALSE;
79

80
81
82
83
84
85
86
  /**
   * Whether essential services have been set up properly by preHandle().
   *
   * @var bool
   */
  protected $prepared = FALSE;

87
88
89
90
  /**
   * Holds the list of enabled modules.
   *
   * @var array
91
92
   *   An associative array whose keys are module names and whose values are
   *   ignored.
93
94
95
   */
  protected $moduleList;

96
  /**
97
   * List of available modules and installation profiles.
98
   *
99
   * @var \Drupal\Core\Extension\Extension[]
100
   */
101
  protected $moduleData = array();
102
103
104
105
106
107
108
109

  /**
   * PHP code storage object to use for the compiled container.
   *
   * @var \Drupal\Component\PhpStorage\PhpStorageInterface
   */
  protected $storage;

110
  /**
111
   * The class loader object.
112
   *
113
   * @var \Composer\Autoload\ClassLoader
114
115
116
   */
  protected $classLoader;

117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
  /**
   * Config storage object used for reading enabled modules configuration.
   *
   * @var \Drupal\Core\Config\StorageInterface
   */
  protected $configStorage;

  /**
   * Whether the container can be dumped.
   *
   * @var bool
   */
  protected $allowDumping;

  /**
   * Whether the container needs to be dumped once booting is complete.
   *
   * @var bool
   */
  protected $containerNeedsDumping;

138
  /**
139
140
141
142
143
144
   * List of discovered services.yml pathnames.
   *
   * This is a nested array whose top-level keys are 'app' and 'site', denoting
   * the origin of a service provider. Site-specific providers have to be
   * collected separately, because they need to be processed last, so as to be
   * able to override services from application service providers.
145
146
147
148
149
   *
   * @var array
   */
  protected $serviceYamls;

150
  /**
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
   * List of discovered service provider class names.
   *
   * This is a nested array whose top-level keys are 'app' and 'site', denoting
   * the origin of a service provider. Site-specific providers have to be
   * collected separately, because they need to be processed last, so as to be
   * able to override services from application service providers.
   *
   * @var array
   */
  protected $serviceProviderClasses;

  /**
   * List of instantiated service provider classes.
   *
   * @see \Drupal\Core\DrupalKernel::$serviceProviderClasses
166
167
168
169
170
   *
   * @var array
   */
  protected $serviceProviders;

171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
  /**
   * Whether the PHP environment has been initialized.
   *
   * This legacy phase can only be booted once because it sets session INI
   * settings. If a session has already been started, re-generating these
   * settings would break the session.
   *
   * @var bool
   */
  protected static $isEnvironmentInitialized = FALSE;

  /**
   * The site directory.
   *
   * @var string
   */
  protected $sitePath;

189
190
191
192
193
194
195
  /**
   * The app root.
   *
   * @var string
   */
  protected $root;

196
197
198
199
  /**
   * Create a DrupalKernel object from a request.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
200
201
202
203
204
   *   The request.
   * @param $class_loader
   *   The class loader. Normally Composer's ClassLoader, as included by the
   *   front controller, but may also be decorated; e.g.,
   *   \Symfony\Component\ClassLoader\ApcClassLoader.
205
206
207
208
209
   * @param string $environment
   *   String indicating the environment, e.g. 'prod' or 'dev'.
   * @param bool $allow_dumping
   *   (optional) FALSE to stop the container from being written to or read
   *   from disk. Defaults to TRUE.
210
   *
211
   * @return static
212
213
214
   *
   * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
   *   In case the host name in the request is not trusted.
215
   */
216
  public static function createFromRequest(Request $request, $class_loader, $environment, $allow_dumping = TRUE) {
217
    // Include our bootstrap file.
218
219
    $core_root = dirname(dirname(dirname(__DIR__)));
    require_once $core_root . '/includes/bootstrap.inc';
220
    $class_loader_class = get_class($class_loader);
221
222
223
224
225
226
227

    $kernel = new static($environment, $class_loader, $allow_dumping);

    // Ensure sane php environment variables..
    static::bootEnvironment();

    // Get our most basic settings setup.
228
229
230
    $site_path = static::findSitePath($request);
    $kernel->setSitePath($site_path);
    Settings::initialize(dirname($core_root), $site_path, $class_loader);
231

232
233
    // Initialize our list of trusted HTTP Host headers to protect against
    // header attacks.
234
235
236
    $host_patterns = Settings::get('trusted_host_patterns', array());
    if (PHP_SAPI !== 'cli' && !empty($host_patterns)) {
      if (static::setupTrustedHosts($request, $host_patterns) === FALSE) {
237
238
239
240
        throw new BadRequestHttpException('The provided host name is not valid for this server.');
      }
    }

241
242
243
    // Redirect the user to the installation script if Drupal has not been
    // installed yet (i.e., if no $databases array has been defined in the
    // settings.php file) and we are not already installing.
244
    if (!Database::getConnectionInfo() && !drupal_installation_attempted() && PHP_SAPI !== 'cli') {
245
246
247
248
      $response = new RedirectResponse($request->getBasePath() . '/core/install.php');
      $response->prepare($request)->send();
    }

249
250
251
252
253
254
255
256
257
258
259
260
261
    // If the class loader is still the same, possibly upgrade to the APC class
    // loader.
    if ($class_loader_class == get_class($class_loader)
        && Settings::get('class_loader_auto_detect', TRUE)
        && Settings::get('hash_salt', FALSE)
        && function_exists('apc_fetch')) {
      $prefix = 'drupal.' . hash('sha256', 'drupal.' . Settings::getHashSalt());
      $apc_loader = new \Symfony\Component\ClassLoader\ApcClassLoader($prefix, $class_loader);
      $class_loader->unregister();
      $apc_loader->register();
      $class_loader = $apc_loader;
    }

262
263
264
    return $kernel;
  }

265
266
267
268
  /**
   * Constructs a DrupalKernel object.
   *
   * @param string $environment
269
   *   String indicating the environment, e.g. 'prod' or 'dev'.
270
271
272
273
   * @param $class_loader
   *   The class loader. Normally \Composer\Autoload\ClassLoader, as included by
   *   the front controller, but may also be decorated; e.g.,
   *   \Symfony\Component\ClassLoader\ApcClassLoader.
274
275
276
   * @param bool $allow_dumping
   *   (optional) FALSE to stop the container from being written to or read
   *   from disk. Defaults to TRUE.
277
   */
278
  public function __construct($environment, $class_loader, $allow_dumping = TRUE) {
279
    $this->environment = $environment;
280
    $this->classLoader = $class_loader;
281
    $this->allowDumping = $allow_dumping;
282
    $this->root = dirname(dirname(substr(__DIR__, 0, -strlen(__NAMESPACE__))));
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
  }

  /**
   * Returns the appropriate site directory for a request.
   *
   * Once the kernel has been created DrupalKernelInterface::getSitePath() is
   * preferred since it gets the statically cached result of this method.
   *
   * Site directories contain all site specific code. This includes settings.php
   * for bootstrap level configuration, file configuration stores, public file
   * storage and site specific modules and themes.
   *
   * Finds a matching site directory file by stripping the website's hostname
   * from left to right and pathname from right to left. By default, the
   * directory must contain a 'settings.php' file for it to match. If the
   * parameter $require_settings is set to FALSE, then a directory without a
   * 'settings.php' file will match as well. The first configuration file found
   * will be used and the remaining ones will be ignored. If no configuration
   * file is found, returns a default value 'sites/default'. See
   * default.settings.php for examples on how the URL is converted to a
   * directory.
   *
   * If a file named sites.php is present in the sites directory, it will be
   * loaded prior to scanning for directories. That file can define aliases in
   * an associative array named $sites. The array is written in the format
   * '<port>.<domain>.<path>' => 'directory'. As an example, to create a
   * directory alias for http://www.drupal.org:8080/mysite/test whose
   * configuration file is in sites/example.com, the array should be defined as:
   * @code
   * $sites = array(
   *   '8080.www.drupal.org.mysite.test' => 'example.com',
   * );
   * @endcode
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The current request.
   * @param bool $require_settings
   *   Only directories with an existing settings.php file will be recognized.
   *   Defaults to TRUE. During initial installation, this is set to FALSE so
   *   that Drupal can detect a matching directory, then create a new
   *   settings.php file in it.
   *
   * @return string
   *   The path of the matching directory.
   *
328
329
330
   * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
   *   In case the host name in the request is invalid.
   *
331
332
333
334
335
336
   * @see \Drupal\Core\DrupalKernelInterface::getSitePath()
   * @see \Drupal\Core\DrupalKernelInterface::setSitePath()
   * @see default.settings.php
   * @see example.sites.php
   */
  public static function findSitePath(Request $request, $require_settings = TRUE) {
337
338
339
340
    if (static::validateHostname($request) === FALSE) {
      throw new BadRequestHttpException();
    }

341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
    // Check for a simpletest override.
    if ($test_prefix = drupal_valid_test_ua()) {
      return 'sites/simpletest/' . substr($test_prefix, 10);
    }

    // Determine whether multi-site functionality is enabled.
    if (!file_exists(DRUPAL_ROOT . '/sites/sites.php')) {
      return 'sites/default';
    }

    // Otherwise, use find the site path using the request.
    $script_name = $request->server->get('SCRIPT_NAME');
    if (!$script_name) {
      $script_name = $request->server->get('SCRIPT_FILENAME');
    }
356
    $http_host = $request->getHost();
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388

    $sites = array();
    include DRUPAL_ROOT . '/sites/sites.php';

    $uri = explode('/', $script_name);
    $server = explode('.', implode('.', array_reverse(explode(':', rtrim($http_host, '.')))));
    for ($i = count($uri) - 1; $i > 0; $i--) {
      for ($j = count($server); $j > 0; $j--) {
        $dir = implode('.', array_slice($server, -$j)) . implode('.', array_slice($uri, 0, $i));
        if (isset($sites[$dir]) && file_exists(DRUPAL_ROOT . '/sites/' . $sites[$dir])) {
          $dir = $sites[$dir];
        }
        if (file_exists(DRUPAL_ROOT . '/sites/' . $dir . '/settings.php') || (!$require_settings && file_exists(DRUPAL_ROOT . '/sites/' . $dir))) {
          return "sites/$dir";
        }
      }
    }
    return 'sites/default';
  }

  /**
   * {@inheritdoc}
   */
  public function setSitePath($path) {
    $this->sitePath = $path;
  }

  /**
   * {@inheritdoc}
   */
  public function getSitePath() {
    return $this->sitePath;
389
390
  }

391
392
393
394
395
396
397
  /**
   * {@inheritdoc}
   */
  public function getAppRoot() {
    return $this->root;
  }

398
  /**
399
   * {@inheritdoc}
400
401
402
   */
  public function boot() {
    if ($this->booted) {
403
404
405
406
407
408
409
410
411
      return $this;
    }

    // Start a page timer:
    Timer::start('page');

    // Ensure that findSitePath is set.
    if (!$this->sitePath) {
      throw new \Exception('Kernel does not have site path set before calling boot()');
412
    }
413
    // Initialize the container.
414
    $this->initializeContainer();
415
416
417
418
419
420

    // Ensure mt_rand() is reseeded to prevent random values from one page load
    // being exploited to predict random values in subsequent page loads.
    $seed = unpack("L", Crypt::randomBytes(4));
    mt_srand($seed[1]);

421
    $this->booted = TRUE;
422
423

    return $this;
424
425
  }

426
  /**
427
   * {@inheritdoc}
428
   */
429
430
431
432
  public function shutdown() {
    if (FALSE === $this->booted) {
      return;
    }
433
    $this->container->get('stream_wrapper_manager')->unregister();
434
    $this->booted = FALSE;
435
    $this->container = NULL;
436
437
    $this->moduleList = NULL;
    $this->moduleData = array();
438
439
440
441
442
443
444
445
446
  }

  /**
   * {@inheritdoc}
   */
  public function getContainer() {
    return $this->container;
  }

447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
  /**
   * {@inheritdoc}
   */
  public function loadLegacyIncludes() {
    require_once $this->root . '/core/includes/common.inc';
    require_once $this->root . '/core/includes/database.inc';
    require_once $this->root . '/core/includes/module.inc';
    require_once $this->root . '/core/includes/theme.inc';
    require_once $this->root . '/core/includes/pager.inc';
    require_once $this->root . '/core/includes/menu.inc';
    require_once $this->root . '/core/includes/tablesort.inc';
    require_once $this->root . '/core/includes/file.inc';
    require_once $this->root . '/core/includes/unicode.inc';
    require_once $this->root . '/core/includes/form.inc';
    require_once $this->root . '/core/includes/errors.inc';
    require_once $this->root . '/core/includes/schema.inc';
    require_once $this->root . '/core/includes/entity.inc';
  }

466
  /**
467
   * {@inheritdoc}
468
   */
469
  public function preHandle(Request $request) {
470
471
472

    $this->loadLegacyIncludes();

473
474
475
    // Load all enabled modules.
    $this->container->get('module_handler')->loadAll();

476
477
478
    // Register stream wrappers.
    $this->container->get('stream_wrapper_manager')->register();

479
480
481
    // Initialize legacy request globals.
    $this->initializeRequestGlobals($request);

482
483
    // Put the request on the stack.
    $this->container->get('request_stack')->push($request);
484
485
486
487
488
489
490
491
492
493
494

    // Set the allowed protocols once we have the config available.
    $allowed_protocols = $this->container->get('config.factory')->get('system.filter')->get('protocols');
    if (!isset($allowed_protocols)) {
      // \Drupal\Component\Utility\UrlHelper::filterBadProtocol() is called by
      // the installer and update.php, in which case the configuration may not
      // exist (yet). Provide a minimal default set of allowed protocols for
      // these cases.
      $allowed_protocols = array('http', 'https');
    }
    UrlHelper::setAllowedProtocols($allowed_protocols);
495
496
497

    // Override of Symfony's mime type guesser singleton.
    MimeTypeGuesser::registerWithSymfonyGuesser($this->container);
498

499
    $this->prepared = TRUE;
500
501
  }

502
503
504
505
  /**
   * {@inheritdoc}
   */
  public function discoverServiceProviders() {
506
    $this->serviceYamls = array(
507
508
      'app' => array(),
      'site' => array(),
509
    );
510
511
512
513
514
515
    $this->serviceProviderClasses = array(
      'app' => array(),
      'site' => array(),
    );
    $this->serviceYamls['app']['core'] = 'core/core.services.yml';
    $this->serviceProviderClasses['app']['core'] = 'Drupal\Core\CoreServiceProvider';
516

517
    // Retrieve enabled modules and register their namespaces.
518
    if (!isset($this->moduleList)) {
519
520
      $extensions = $this->getConfigStorage()->read('core.extension');
      $this->moduleList = isset($extensions['module']) ? $extensions['module'] : array();
521
    }
522
    $module_filenames = $this->getModuleFileNames();
523
    $this->classLoaderAddMultiplePsr4($this->getModuleNamespacesPsr4($module_filenames));
524

525
    // Load each module's serviceProvider class.
526
    foreach ($module_filenames as $module => $filename) {
katbailey's avatar
katbailey committed
527
      $camelized = ContainerBuilder::camelize($module);
528
529
      $name = "{$camelized}ServiceProvider";
      $class = "Drupal\\{$module}\\{$name}";
530
      if (class_exists($class)) {
531
        $this->serviceProviderClasses['app'][$module] = $class;
532
      }
533
      $filename = dirname($filename) . "/$module.services.yml";
534
      if (file_exists($filename)) {
535
        $this->serviceYamls['app'][$module] = $filename;
536
      }
537
    }
538

539
    // Add site-specific service providers.
540
    if (!empty($GLOBALS['conf']['container_service_providers'])) {
541
542
543
544
      foreach ($GLOBALS['conf']['container_service_providers'] as $class) {
        if (class_exists($class)) {
          $this->serviceProviderClasses['site'][] = $class;
        }
545
546
      }
    }
547
548
    if (!$this->addServiceFiles(Settings::get('container_yamls'))) {
      throw new \Exception('The container_yamls setting is missing from settings.php');
549
    }
550
551
552
553
554
  }

  /**
   * {@inheritdoc}
   */
555
556
  public function getServiceProviders($origin) {
    return $this->serviceProviders[$origin];
557
558
559
560
561
562
  }

  /**
   * {@inheritdoc}
   */
  public function terminate(Request $request, Response $response) {
563
564
565
    // Only run terminate() when essential services have been set up properly
    // by preHandle() before.
    if (FALSE === $this->prepared) {
566
567
568
569
570
571
572
573
574
575
576
      return;
    }

    if ($this->getHttpKernel() instanceof TerminableInterface) {
      $this->getHttpKernel()->terminate($request, $response);
    }
  }

  /**
   * {@inheritdoc}
   */
577
578
  public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) {
    $this->boot();
579
    return $this->getHttpKernel()->handle($request, $type, $catch);
580
581
  }

582
583
584
585
586
587
  /**
   * {@inheritdoc}
   */
  public function prepareLegacyRequest(Request $request) {
    $this->boot();
    $this->preHandle($request);
588
589
590
591
592
    // Setup services which are normally initialized from within stack
    // middleware or during the request kernel event.
    if (PHP_SAPI !== 'cli') {
      $request->setSession($this->container->get('session'));
    }
593
594
    $request->attributes->set(RouteObjectInterface::ROUTE_OBJECT, new Route('<none>'));
    $request->attributes->set(RouteObjectInterface::ROUTE_NAME, '<none>');
595
596
597
598
599
    $this->container->get('request_stack')->push($request);
    $this->container->get('router.request_context')->fromRequest($request);
    return $this;
  }

600
601
602
603
604
605
  /**
   * Returns module data on the filesystem.
   *
   * @param $module
   *   The name of the module.
   *
606
607
   * @return \Drupal\Core\Extension\Extension|bool
   *   Returns an Extension object if the module is found, FALSE otherwise.
608
609
610
   */
  protected function moduleData($module) {
    if (!$this->moduleData) {
611
      // First, find profiles.
612
      $listing = new ExtensionDiscovery($this->root);
613
614
615
616
      $listing->setProfileDirectories(array());
      $all_profiles = $listing->scan('profile');
      $profiles = array_intersect_key($all_profiles, $this->moduleList);

617
618
      // If a module is within a profile directory but specifies another
      // profile for testing, it needs to be found in the parent profile.
619
      $settings = $this->getConfigStorage()->read('simpletest.settings');
620
621
      $parent_profile = !empty($settings['parent_profile']) ? $settings['parent_profile'] : NULL;
      if ($parent_profile && !isset($profiles[$parent_profile])) {
622
623
        // In case both profile directories contain the same extension, the
        // actual profile always has precedence.
624
        $profiles = array($parent_profile => $all_profiles[$parent_profile]) + $profiles;
625
      }
626
627
628
629
630
631

      $profile_directories = array_map(function ($profile) {
        return $profile->getPath();
      }, $profiles);
      $listing->setProfileDirectories($profile_directories);

632
      // Now find modules.
633
      $this->moduleData = $profiles + $listing->scan('module');
634
635
636
637
    }
    return isset($this->moduleData[$module]) ? $this->moduleData[$module] : FALSE;
  }

638
639
  /**
   * Implements Drupal\Core\DrupalKernelInterface::updateModules().
640
641
642
   *
   * @todo Remove obsolete $module_list parameter. Only $module_filenames is
   *   needed.
643
   */
644
  public function updateModules(array $module_list, array $module_filenames = array()) {
645
    $this->moduleList = $module_list;
646
647
    foreach ($module_filenames as $name => $extension) {
      $this->moduleData[$name] = $extension;
648
    }
649

650
651
    // If we haven't yet booted, we don't need to do anything: the new module
    // list will take effect when boot() is called. If we have already booted,
652
653
    // then rebuild the container in order to refresh the serviceProvider list
    // and container.
654
    if ($this->booted) {
655
      $this->initializeContainer(TRUE);
656
657
    }
  }
658

659
  /**
660
   * Returns the classname based on environment.
661
662
663
664
665
   *
   * @return string
   *   The class name.
   */
  protected function getClassName() {
666
    $parts = array('service_container', $this->environment);
667
668
669
    return implode('_', $parts);
  }

670
671
672
673
674
675
676
677
678
  /**
   * Returns the container class namespace based on the environment.
   *
   * @return string
   *   The class name.
   */
  protected function getClassNamespace() {
    return 'Drupal\\Core\\DependencyInjection\\Container\\' . $this->environment;
  }
679
680
681
682
683
684
685
686
687
688
689
690

  /**
   * Returns the kernel parameters.
   *
   * @return array An array of kernel parameters
   */
  protected function getKernelParameters() {
    return array(
      'kernel.environment' => $this->environment,
    );
  }

691
692
  /**
   * Initializes the service container.
693
694
695
696
   *
   * @param bool $rebuild
   *   Force a container rebuild.
   * @return \Symfony\Component\DependencyInjection\ContainerInterface
697
   */
698
  protected function initializeContainer($rebuild = FALSE) {
699
    $this->containerNeedsDumping = FALSE;
700
    $session_manager_started = FALSE;
701
    if (isset($this->container)) {
702
703
704
705
706
      // Save the id of the currently logged in user.
      if ($this->container->initialized('current_user')) {
        $current_user_id = $this->container->get('current_user')->id();
      }

707
708
709
710
      // If there is a session manager, close and save the session.
      if ($this->container->initialized('session_manager')) {
        $session_manager = $this->container->get('session_manager');
        if ($session_manager->isStarted()) {
711
          $session_manager_started = TRUE;
712
          $session_manager->save();
713
714
715
        }
        unset($session_manager);
      }
716
    }
717

718
719
720
    // If the module list hasn't already been set in updateModules and we are
    // not forcing a rebuild, then try and load the container from the disk.
    if (empty($this->moduleList) && !$rebuild) {
721
      $fully_qualified_class_name = '\\' . $this->getClassNamespace() . '\\' . $this->getClassName();
722
723

      // First, try to load from storage.
724
725
      if (!class_exists($fully_qualified_class_name, FALSE)) {
        $this->storage()->load($this->getClassName() . '.php');
726
727
      }
      // If the load succeeded or the class already existed, use it.
728
      if (class_exists($fully_qualified_class_name, FALSE)) {
729
        $container = new $fully_qualified_class_name;
730
731
      }
    }
732
733
734
735
736

    if (!isset($container)) {
      $container = $this->compileContainer();
    }

737
    $this->attachSynthetic($container);
738
739

    $this->container = $container;
740
    if ($session_manager_started) {
741
742
      $this->container->get('session_manager')->start();
    }
743
744
745
746
747
748
749
750
751
752

    // The request stack is preserved across container rebuilds. Reinject the
    // new session into the master request if one was present before.
    if (($request_stack = $this->container->get('request_stack', ContainerInterface::NULL_ON_INVALID_REFERENCE))) {
      if ($request = $request_stack->getMasterRequest()) {
        if ($request->hasSession()) {
          $request->setSession($this->container->get('session'));
        }
      }
    }
753
754
755
756
757

    if (!empty($current_user_id)) {
      $this->container->get('current_user')->setInitialAccountId($current_user_id);
    }

758
    \Drupal::setContainer($this->container);
759
760
761
762
763
764

    // If needs dumping flag was set, dump the container.
    if ($this->containerNeedsDumping && !$this->dumpDrupalContainer($this->container, static::CONTAINER_BASE_CLASS)) {
      $this->container->get('logger.factory')->get('DrupalKernel')->notice('Container cannot be written to disk');
    }

765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
    return $this->container;
  }

  /**
   * Setup a consistent PHP environment.
   *
   * This method sets PHP environment options we want to be sure are set
   * correctly for security or just saneness.
   */
  public static function bootEnvironment() {
    if (static::$isEnvironmentInitialized) {
      return;
    }

    // Enforce E_STRICT, but allow users to set levels not part of E_STRICT.
    error_reporting(E_STRICT | E_ALL);

    // Override PHP settings required for Drupal to work properly.
    // sites/default/default.settings.php contains more runtime settings.
    // The .htaccess file contains settings that cannot be changed at runtime.

    // Use session cookies, not transparent sessions that puts the session id in
    // the query string.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Don't send HTTP headers using PHP's session handler.
    // Send an empty string to disable the cache limiter.
    ini_set('session.cache_limiter', '');
    // Use httponly session cookies.
    ini_set('session.cookie_httponly', '1');

    // Set sane locale settings, to ensure consistent string, dates, times and
    // numbers handling.
    setlocale(LC_ALL, 'C');

    // Detect string handling method.
    Unicode::check();

    // Indicate that code is operating in a test child site.
    if (!defined('DRUPAL_TEST_IN_CHILD_SITE')) {
      if ($test_prefix = drupal_valid_test_ua()) {
        // Only code that interfaces directly with tests should rely on this
        // constant; e.g., the error/exception handler conditionally adds further
        // error information into HTTP response headers that are consumed by
        // Simpletest's internal browser.
        define('DRUPAL_TEST_IN_CHILD_SITE', TRUE);

        // Log fatal errors to the test site directory.
        ini_set('log_errors', 1);
        ini_set('error_log', DRUPAL_ROOT . '/sites/simpletest/' . substr($test_prefix, 10) . '/error.log');
      }
      else {
        // Ensure that no other code defines this.
        define('DRUPAL_TEST_IN_CHILD_SITE', FALSE);
      }
    }

    // Set the Drupal custom error handler.
    set_error_handler('_drupal_error_handler');
    set_exception_handler('_drupal_exception_handler');

    static::$isEnvironmentInitialized = TRUE;
  }

  /**
   * Bootstraps the legacy global request variables.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The current request.
   *
   * @todo D8: Eliminate this entirely in favor of Request object.
   */
  protected function initializeRequestGlobals(Request $request) {
    // Provided by settings.php.
    global $base_url;
    // Set and derived from $base_url by this function.
842
    global $base_path, $base_root;
843
844
845
846
847
848
849
850
851
852
853
854
    global $base_secure_url, $base_insecure_url;

    // @todo Refactor with the Symfony Request object.
    if (isset($base_url)) {
      // Parse fixed base URL from settings.php.
      $parts = parse_url($base_url);
      if (!isset($parts['path'])) {
        $parts['path'] = '';
      }
      $base_path = $parts['path'] . '/';
      // Build $base_root (everything until first slash after "scheme://").
      $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path']));
855
    }
856
    else {
857
      // Create base URL.
858
      $base_root = $request->getSchemeAndHttpHost();
859
860
861
862
863
864

      $base_url = $base_root;

      // For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is
      // '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'.
      if ($dir = rtrim(dirname($request->server->get('SCRIPT_NAME')), '\/')) {
865
866
        // Remove "core" directory if present, allowing install.php,
        // authorize.php, and others to auto-detect a base path.
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
        $core_position = strrpos($dir, '/core');
        if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) {
          $base_path = substr($dir, 0, $core_position);
        }
        else {
          $base_path = $dir;
        }
        $base_url .= $base_path;
        $base_path .= '/';
      }
      else {
        $base_path = '/';
      }
    }
    $base_secure_url = str_replace('http://', 'https://', $base_url);
    $base_insecure_url = str_replace('https://', 'http://', $base_url);
  }
884

885
886
887
  /**
   * Returns service instances to persist from an old container to a new one.
   */
888
  protected function getServicesToPersist(ContainerInterface $container) {
889
    $persist = array();
890
891
892
893
    foreach ($container->getParameter('persistIds') as $id) {
      // It's pointless to persist services not yet initialized.
      if ($container->initialized($id)) {
        $persist[$id] = $container->get($id);
894
895
896
897
898
899
900
901
      }
    }
    return $persist;
  }

  /**
   * Moves persistent service instances into a new container.
   */
902
  protected function persistServices(ContainerInterface $container, array $persist) {
903
904
905
    foreach ($persist as $id => $object) {
      // Do not override services already set() on the new container, for
      // example 'service_container'.
906
907
      if (!$container->initialized($id)) {
        $container->set($id, $object);
908
909
910
911
      }
    }
  }

912
  /**
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
   * Force a container rebuild.
   *
   * @return \Symfony\Component\DependencyInjection\ContainerInterface
   */
  public function rebuildContainer() {
    // Empty module properties and for them to be reloaded from scratch.
    $this->moduleList = NULL;
    $this->moduleData = array();
    return $this->initializeContainer(TRUE);
  }

  /**
   * Attach synthetic values on to kernel.
   *
   * @param ContainerInterface $container
   *   Container object
929
   *
930
931
   * @return ContainerInterface
   */
932
  protected function attachSynthetic(ContainerInterface $container) {
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
    $persist = array();
    if (isset($this->container)) {
      $persist = $this->getServicesToPersist($this->container);
    }
    $this->persistServices($container, $persist);

    // All namespaces must be registered before we attempt to use any service
    // from the container.
    $this->classLoaderAddMultiplePsr4($container->getParameter('container.namespaces'));

    $container->set('kernel', $this);

    // Set the class loader which was registered as a synthetic service.
    $container->set('class_loader', $this->classLoader);
    return $container;
  }

  /**
   * Compiles a new service container.
952
953
954
   *
   * @return ContainerBuilder The compiled service container
   */
955
956
957
958
959
960
961
962
  protected function compileContainer() {
    // We are forcing a container build so it is reasonable to assume that the
    // calling method knows something about the system has changed requiring the
    // container to be dumped to the filesystem.
    if ($this->allowDumping) {
      $this->containerNeedsDumping = TRUE;
    }

963
    $this->initializeServiceProviders();
964
    $container = $this->getContainerBuilder();
965
    $container->set('kernel', $this);
966
    $container->setParameter('container.modules', $this->getModulesParameter());
967
968

    // Get a list of namespaces and put it onto the container.
969
    $namespaces = $this->getModuleNamespacesPsr4($this->getModuleFileNames());
970
971
972
973
974
    // Add all components in \Drupal\Core and \Drupal\Component that have one of
    // the following directories:
    // - Element
    // - Entity
    // - Plugin
975
    foreach (array('Core', 'Component') as $parent_directory) {
976
      $path = 'core/lib/Drupal/' . $parent_directory;
977
      $parent_namespace = 'Drupal\\' . $parent_directory;
978
      foreach (new \DirectoryIterator($this->root . '/' . $path) as $component) {
979
980
981
982
983
984
985
        /** @var $component \DirectoryIterator */
        $pathname = $component->getPathname();
        if (!$component->isDot() && $component->isDir() && (
          is_dir($pathname . '/Plugin') ||
          is_dir($pathname . '/Entity') ||
          is_dir($pathname . '/Element')
        )) {
986
          $namespaces[$parent_namespace . '\\' . $component->getFilename()] = $path . '/' . $component->getFilename();
987
988
989
        }
      }
    }
990
991
    $container->setParameter('container.namespaces', $namespaces);

992
993
994
995
996
997
    // Store the default language values on the container. This is so that the
    // default language can be configured using the configuration factory. This
    // avoids the circular dependencies that would created by
    // \Drupal\language\LanguageServiceProvider::alter() and allows the default
    // language to not be English in the installer.
    $default_language_values = Language::$defaultValues;
998
999
    if ($system = $this->getConfigStorage()->read('system.site')) {
      if ($default_language_values['id'] != $system['langcode']) {
1000
        $default_language_values = array('id' => $system['langcode']);
1001
      }
1002
1003
1004
    }
    $container->setParameter('language.default_values', $default_language_values);

1005
    // Register synthetic services.
1006
    $container->register('class_loader')->setSynthetic(TRUE);
1007
1008
    $container->register('kernel', 'Symfony\Component\HttpKernel\KernelInterface')->setSynthetic(TRUE);
    $container->register('service_container', 'Symfony\Component\DependencyInjection\ContainerInterface')->setSynthetic(TRUE);
1009
1010

    // Register application services.
1011
    $yaml_loader = new YamlFileLoader($container);
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
    foreach ($this->serviceYamls['app'] as $filename) {
      $yaml_loader->load($filename);
    }
    foreach ($this->serviceProviders['app'] as $provider) {
      if ($provider instanceof ServiceProviderInterface) {
        $provider->register($container);
      }
    }
    // Register site-specific service overrides.
    foreach ($this->serviceYamls['site'] as $filename) {
1022
1023
      $yaml_loader->load($filename);
    }
1024
    foreach ($this->serviceProviders['site'] as $provider) {
1025
1026
1027
      if ($provider instanceof ServiceProviderInterface) {
        $provider->register($container);
      }
1028
    }
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041

    // Identify all services whose instances should be persisted when rebuilding
    // the container during the lifetime of the kernel (e.g., during a kernel
    // reboot). Include synthetic services, because by definition, they cannot
    // be automatically reinstantiated. Also include services tagged to persist.
    $persist_ids = array();
    foreach ($container->getDefinitions() as $id => $definition) {
      if ($definition->isSynthetic() || $definition->getTag('persist')) {
        $persist_ids[] = $id;
      }
    }
    $container->setParameter('persistIds', $persist_ids);

1042
    $container->compile();
1043
1044
    return $container;
  }
1045

1046
1047
1048
1049
1050
1051
  /**
   * Registers all service providers to the kernel.
   *
   * @throws \LogicException
   */
  protected function initializeServiceProviders() {
1052
1053
1054
1055
1056
1057
1058
1059
    $this->discoverServiceProviders();
    $this->serviceProviders = array(
      'app' => array(),
      'site' => array(),
    );
    foreach ($this->serviceProviderClasses as $origin => $classes) {
      foreach ($classes as $name => $class) {
        $this->serviceProviders[$origin][$name] = new $class;
1060
1061
1062
1063
      }
    }
  }

1064
1065
1066
1067
1068
  /**
   * Gets a new ContainerBuilder instance used to build the service container.
   *
   * @return ContainerBuilder
   */
1069
  protected function getContainerBuilder() {
1070
1071
1072
    return new ContainerBuilder(new ParameterBag($this->getKernelParameters()));
  }

1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
  /**
   * Dumps the service container to PHP code in the config directory.
   *
   * This method is based on the dumpContainer method in the parent class, but
   * that method is reliant on the Config component which we do not use here.
   *
   * @param ContainerBuilder $container
   *   The service container.
   * @param string $baseClass
   *   The name of the container's base class
   *
   * @return bool
   *   TRUE if the container was successfully dumped to disk.
   */
  protected function dumpDrupalContainer(ContainerBuilder $container, $baseClass) {
1088
    if (!$this->storage()->writeable()) {
1089
1090
1091
1092
      return FALSE;
    }
    // Cache the container.
    $dumper = new PhpDumper($container);
1093
    $dumper->setProxyDumper(new ProxyDumper(new ProxyBuilder()));
1094
    $class = $this->getClassName();
1095
1096
1097
1098
1099
1100
    $namespace = $this->getClassNamespace();
    $content = $dumper->dump([
      'class' => $class,
      'base_class' => $baseClass,
      'namespace' => $namespace,
    ]);
1101
    return $this->storage()->save($class . '.php', $content);
1102
1103
  }

1104
1105
1106
1107

  /**
   * Gets a http kernel from the container
   *
1108
   * @return \Symfony\Component\HttpKernel\HttpKernelInterface
1109
1110
1111
1112
1113
   */
  protected function getHttpKernel() {
    return $this->container->get('http_kernel');
  }

1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
  /**
   * Gets the PHP code storage object to use for the compiled container.
   *
   * @return \Drupal\Component\PhpStorage\PhpStorageInterface
   */
  protected function storage() {
    if (!isset($this->storage)) {
      $this->storage = PhpStorageFactory::get('service_container');
    }
    return $this->storage;
  }

1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
  /**
   * Returns the active configuration storage to use during building the container.
   *
   * @return \Drupal\Core\Config\StorageInterface
   */
  protected function getConfigStorage() {
    if (!isset($this->configStorage)) {
      // The active configuration storage may not exist yet; e.g., in the early
      // installer. Catch the exception thrown by config_get_config_directory().
      try {
1136
        $this->configStorage = BootstrapConfigStorageFactory::get($this->classLoader);
1137
1138
1139
1140
1141
1142
1143
1144
      }
      catch (\Exception $e) {
        $this->configStorage = new NullStorage();
      }
    }
    return $this->configStorage;
  }

1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
  /**
   * Returns an array of Extension class parameters for all enabled modules.
   *
   * @return array
   */
  protected function getModulesParameter() {
    $extensions = array();
    foreach ($this->moduleList as $name => $weight) {
      if ($data = $this->moduleData($name)) {
        $extensions[$name] = array(
          'type' => $data->getType(),
          'pathname' => $data->getPathname(),
          'filename' => $data->getExtensionFilename(),
        );
      }
    }
    return $extensions;
  }

1164
  /**
1165
1166
1167
1168
1169
   * Gets the file name for each enabled module.
   *
   * @return array
   *   Array where each key is a module name, and each value is a path to the
   *   respective *.module or *.profile file.
1170
1171
1172
1173
1174
   */
  protected function getModuleFileNames() {
    $filenames = array();
    foreach ($this->moduleList as $module => $weight) {
      if ($data = $this->moduleData($module)) {
1175
        $filenames[$module] = $data->getPathname();
1176
1177
1178
1179
1180
      }
    }
    return $filenames;
  }

1181
1182
1183
  /**
   * Gets the PSR-4 base directories for module namespaces.
   *
1184
   * @param string[] $module_file_names
1185
1186
1187
   *   Array where each key is a module name, and each value is a path to the
   *   respective *.module or *.profile file.
   *
1188
   * @return string[]
1189
   *   Array where each key is a module namespace like 'Drupal\system', and each
1190
   *   value is the PSR-4 base directory associated with the module namespace.
1191
1192
1193
1194
   */
  protected function getModuleNamespacesPsr4($module_file_names) {
    $namespaces = array();
    foreach ($module_file_names as $module => $filename) {
1195
      $namespaces["Drupal\\$module"] = dirname($filename) . '/src';
1196
1197
1198
1199
    }
    return $namespaces;
  }

1200
1201
1202
1203
1204
1205
1206
1207
  /**
   * Registers a list of namespaces with PSR-4 directories for class loading.
   *
   * @param array $namespaces
   *   Array where each key is a namespace like 'Drupal\system', and each value
   *   is either a PSR-4 base directory, or an array of PSR-4 base directories
   *   associated with this namespace.
   */
1208
  protected function classLoaderAddMultiplePsr4(array $namespaces = array()) {
1209
    foreach ($namespaces as $prefix => $paths) {
1210
1211
1212
1213
1214
1215
1216
1217
      if (is_array($paths)) {
        foreach ($paths as $key => $value) {
          $paths[$key] = $this->root . '/' . $value;
        }
      }
      elseif (is_string($paths)) {
        $paths = $this->root . '/' . $paths;
      }
1218
1219
1220
1221
      $this->classLoader->addPsr4($prefix . '\\', $paths);
    }
  }

1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
  /**
   * Validates a hostname length.
   *
   * @param string $host
   *   A hostname.
   *
   * @return bool
   *   TRUE if the length is appropriate, or FALSE otherwise.
   */
  protected static function validateHostnameLength($host) {
    // Limit the length of the host name to 1000 bytes to prevent DoS attacks
    // with long host names.
    return strlen($host) <= 1000
    // Limit the number of subdomains and port separators to prevent DoS attacks
    // in findSitePath().
    && substr_count($host, '.') <= 100
    && substr_count($host, ':') <= 100;
  }

  /**
   * Validates the hostname supplied from the HTTP request.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request object
   *
   * @return bool
   *   TRUE if the hostmame is valid, or FALSE otherwise.
   *
   * @todo Adjust per resolution to https://github.com/symfony/symfony/issues/12349
   */
  public static function validateHostname(Request $request) {
    // $request->getHost() can throw an UnexpectedValueException if it
    // detects a bad hostname, but it does not validate the length.
    try {
      $http_host = $request->getHost();
    }
    catch (\UnexpectedValueException $e) {
      return FALSE;
    }

    if (static::validateHostnameLength($http_host) === FALSE) {
      return FALSE;
    }

    return TRUE;
  }

1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
  /**
   * Sets up the lists of trusted HTTP Host headers.
   *
   * Since the HTTP Host header can be set by the user making the request, it
   * is possible to create an attack vectors against a site by overriding this.
   * Symfony provides a mechanism for creating a list of trusted Host values.
   *
   * Host patterns (as regular expressions) can be configured throught
   * settings.php for multisite installations, sites using ServerAlias without
   * canonical redirection, or configurations where the site responds to default
   * requests. For example,
   *
   * @code
   * $settings['trusted_host_patterns'] = array(
   *   '^example\.com$',
   *   '^*.example\.com$',
   * );
   * @endcode
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request object.
1290
   * @param array $host_patterns
1291
1292
1293
1294
1295
1296
   *   The array of trusted host patterns.
   *
   * @return boolean
   *   TRUE if the Host header is trusted, FALSE otherwise.
   *
   * @see https://www.drupal.org/node/1992030
1297
   * @see \Drupal\Core\Http\TrustedHostsRequestFactory
1298
   */
1299
1300
  protected static function setupTrustedHosts(Request $request, $host_patterns) {
    $request->setTrustedHosts($host_patterns);
1301
1302
1303

    // Get the host, which will validate the current request.
    try {
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
      $host = $request->getHost();

      // Fake requests created through Request::create() without passing in the
      // server variables from the main request have a default host of
      // 'localhost'. If 'localhost' does not match any of the trusted host
      // patterns these fake requests would fail the host verification. Instead,
      // TrustedHostsRequestFactory makes sure to pass in the server variables
      // from the main request.
      $request_factory = new TrustedHostsRequestFactory($host);
      Request::setFactory([$request_factory, 'createRequest']);

1315
1316
1317
1318
1319
1320
1321
    }
    catch (\UnexpectedValueException $e) {
      return FALSE;
    }

    return TRUE;
  }
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338

  /**
   * Add service files.
   *
   * @param $service_yamls
   *   A list of service files.
   *
   * @return bool
   *   TRUE if the list was an array, FALSE otherwise.
   */
  protected function addServiceFiles($service_yamls) {
    if (is_array($service_yamls)) {
      $this->serviceYamls['site'] = array_filter($service_yamls, 'file_exists');
      return TRUE;
    }
    return FALSE;
  }
1339
}