Store.php 16.4 KB
Newer Older
1
2
3
4
5
6
7
8
<?php
/**
 * Created by PhpStorm.
 * User: crose
 * Date: 1/1/16
 * Time: 6:51 PM
 */

9
namespace qfq;
10

11
use qfq\CodeException;
12
13
use qfq\keyValueStringParser;
use qfq\OnArray;
14
use qfq;
15

16
require_once(__DIR__ . '/../../qfq/helper/KeyValueStringParser.php');
Carsten  Rose's avatar
Carsten Rose committed
17
require_once(__DIR__ . '/../../qfq/helper/Sanitize.php');
18
require_once(__DIR__ . '/../../qfq/Constants.php');
19
require_once(__DIR__ . '/../../qfq/store/Sip.php');
20
require_once(__DIR__ . '/../../qfq/Database.php');
21
22
23
24
25
26
27
28
29
30
31


/*
 * Stores:
 * - SIP
 * - webVar
 * - record
 * - form
 * - formElement
 */

Carsten  Rose's avatar
Carsten Rose committed
32
33
/**
 * Class Store
34
 * @package qfq
Carsten  Rose's avatar
Carsten Rose committed
35
 */
36
37
class Store {

Carsten  Rose's avatar
Carsten Rose committed
38
39
40
    /**
     * @var Store Instance of class Store. There should only be one class 'Store' at a time.
     */
41
42
    private static $instance = null;

Carsten  Rose's avatar
Carsten Rose committed
43
44
45
    /**
     * @var Sip Instance of class SIP
     */
46
47
    private static $sip = null;

Carsten  Rose's avatar
Carsten Rose committed
48
49
50
51
52
53
54
55
56
57
    /**
     * @var array Stores all indiviudal stores with the variable raw values
     *
     * $raw['D']['id'] = 0  - Defaultvalues from Tabledefinition
     * ...
     * $raw['S']['r'] = 1234 - record ID from current SIP identifier
     * ...
     * $raw['C']['HTTP_SERVER'] = 'qfq' - Servername
     * $raw['C']['s'] = 'badcaffee1234' - recent SIP
     */
58
    private static $raw = array();
Carsten  Rose's avatar
Carsten Rose committed
59
60

    /**
Carsten  Rose's avatar
Carsten Rose committed
61
     * @var array Default sanitize classes.
Carsten  Rose's avatar
Carsten Rose committed
62
     */
Carsten  Rose's avatar
Carsten Rose committed
63
    private static $sanitizeClass = array();
Carsten  Rose's avatar
Carsten Rose committed
64
65

    /**
Carsten  Rose's avatar
Carsten Rose committed
66
67
     * $sanitizeClass['S'] = false
     * $sanitizeClass['C'] = true
Carsten  Rose's avatar
Carsten Rose committed
68
69
     * ...
     *
Carsten  Rose's avatar
Carsten Rose committed
70
     * @var array each entry with true/false - depending if store needs to be sanitized.
Carsten  Rose's avatar
Carsten Rose committed
71
     */
Carsten  Rose's avatar
Carsten Rose committed
72
    private static $sanitizeStore = array();
73

Carsten  Rose's avatar
Carsten Rose committed
74
    private static $phpUnit = false;
75

76
    /**
77
     * @param string $bodytext
78
     */
79
    private function __construct($bodytext = '') {
80

Carsten  Rose's avatar
Carsten Rose committed
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
        self::$sanitizeClass = [
//            TYPO3_DEBUG_LOAD => SANITIZE_ALLOW_DIGIT,
//            TYPO3_DEBUG_SAVE => SANITIZE_ALLOW_DIGIT,
//            TYPO3_FORM => SANITIZE_ALLOW_ALNUMX,
//            TYPO3_FE_USER => SANITIZE_ALLOW_ALNUMX,
//            TYPO3_FE_USER_UID => SANITIZE_ALLOW_DIGIT,
//            TYPO3_FE_USER_GROUP => SANITIZE_ALLOW_ALNUMX,

            CLIENT_SIP => SANITIZE_ALLOW_ALNUMX,
            CLIENT_RECORD_ID => SANITIZE_ALLOW_DIGIT,
            CLIENT_KEY_SEM_ID => SANITIZE_ALLOW_DIGIT,
            CLIENT_KEY_SEM_ID_USER => SANITIZE_ALLOW_DIGIT,
            CLIENT_PAGE_ID => SANITIZE_ALLOW_DIGIT,
            CLIENT_PAGE_TYPE => SANITIZE_ALLOW_DIGIT,
            CLIENT_PAGE_LANGUAGE => SANITIZE_ALLOW_DIGIT,
            CLIENT_FORM => SANITIZE_ALLOW_ALNUMX,

            // Part of $_SERVER. Missing vars must be requested individual with the needed sanitize class.
            CLIENT_SCRIPT_URL => SANITIZE_ALLOW_ALNUMX,
            CLIENT_SCRIPT_URI => SANITIZE_ALLOW_ALNUMX,
            CLIENT_HTTP_HOST => SANITIZE_ALLOW_ALNUMX,
            CLIENT_HTTP_USER_AGENT => SANITIZE_ALLOW_ALNUMX,
            CLIENT_SERVER_NAME => SANITIZE_ALLOW_ALNUMX,
            CLIENT_SERVER_ADDRESS => SANITIZE_ALLOW_ALNUMX,
            CLIENT_SERVER_PORT => SANITIZE_ALLOW_DIGIT,
            CLIENT_REMOTE_ADDRESS => SANITIZE_ALLOW_ALNUMX,
            CLIENT_REQUEST_SCHEME => SANITIZE_ALLOW_ALNUMX,
            CLIENT_SCRIPT_FILENAME => SANITIZE_ALLOW_ALNUMX,
            CLIENT_QUERY_STRING => SANITIZE_ALLOW_ALL,
            CLIENT_REQUEST_URI => SANITIZE_ALLOW_ALL,
            CLIENT_SCRIPT_NAME => SANITIZE_ALLOW_ALNUMX,
            CLIENT_PHP_SELF => SANITIZE_ALLOW_ALNUMX,

//            SYSTEM_DBUSER => SANITIZE_ALLOW_ALNUMX,
//            SYSTEM_DBSERVER => SANITIZE_ALLOW_ALNUMX,
//            SYSTEM_DBPW => SANITIZE_ALLOW_ALL,
//            SYSTEM_DB => SANITIZE_ALLOW_ALNUMX,
//            SYSTEM_TESTDB => SANITIZE_ALLOW_ALNUMX,
//            SYSTEM_SESSIONNAME => SANITIZE_ALLOW_ALNUMX,
//            SYSTEM_DBH => SANITIZE_ALLOW_ALL,

//            SYSTEM_SQL_RAW => SANITIZE_ALLOW_ALL,
//            SYSTEM_SQL_FINAL => SANITIZE_ALLOW_ALL,
//            SYSTEM_SQL_COUNT => SANITIZE_ALLOW_DIGIT,
//            SYSTEM_SQL_PARAM_ARRAY => SANITIZE_ALLOW_ALL,

//            SIP_SIP => SANITIZE_ALLOW_ALNUMX,
//            SIP_RECORD_ID => SANITIZE_ALLOW_DIGIT,
//            SIP_FORM => SANITIZE_ALLOW_ALNUMX,
//            SIP_URLPARAM => SANITIZE_ALLOW_ALL
131

132
133
        ];

Carsten  Rose's avatar
Carsten Rose committed
134
        self::$sanitizeStore = [
135
136
137
138
            STORE_FORM => true,
            STORE_SIP => false,
            STORE_RECORD => false,
            STORE_PARENT_RECORD => false,
139
140
            STORE_TABLE_DEFAULT => false,
            STORE_TABLE_COLUMN_TYPES => false,
141
142
            STORE_CLIENT => true,
            STORE_TYPO3 => false,
143
            STORE_ZERO => false,
144
145
146
            STORE_SYSTEM => false
        ];

147
        self::fillSystemStore();
148
        self::fillStoreTypo3($bodytext);
149
        self::fillStoreClient();
150
        self::fillStoreSip();
151
    }
152

153
154
    /**
     * @throws CodeException
155
     * @throws qfq\UserFormException
156
157
     */
    private function fillSystemStore() {
158
        try {
159
160
            //TODO: Vernuenftige Fehlermeldung falls nicht auf qfq.ini zugegriffen werden kann.
            //TODO: sinnvollen Platz fuer qfq.ini bestimmen. In der Installationsdoku erwaehnen.
161
            $config = parse_ini_file(__DIR__ . '/../../../' . CONFIG_INI, false);
162

163
164
            //TODO: auskommentiert weil dann die Unittests nicht mehr laufen. Sollte eigentlich wieder aktiviert werden.
//            $config['SQLLOG'] = Support::ifRelativePathPrependExtensionPath($config['SQLLOG']);
165

166
        } catch (\Exception $e) {
167
            throw new qfq\UserFormException ("Error read file " . CONFIG_INI . ": " . $e->getMessage(), ERROR_IO_READ_FILE);
168
        }
169

170
        if (!isset($config['SHOW_DEBUG_INFO']) || $config['SHOW_DEBUG_INFO'] === 'auto') {
171
172
173
            $config['SHOW_DEBUG_INFO'] = (isset($GLOBALS["TSFE"]->beUserLogin) && $GLOBALS["TSFE"]->beUserLogin === true) ? 'yes' : 'no';
        }

174
175
176
177
178
179
180
        // SYSTEM_PATH_EXT: compute only if not already defined.
        if (!isset($config[SYSTEM_PATH_EXT]) || $config[SYSTEM_PATH_EXT] === '' || $config[SYSTEM_PATH_EXT][0] !== '/') {
            $relExtDir = '/typo3conf/ext/' . EXT_KEY;

            // If we are called through AJAX API (e.g. api/save.php), there is no TYPO3 environment.
            if (isset($_SERVER['SCRIPT_FILENAME'])) {
                $pos = strpos($_SERVER['SCRIPT_FILENAME'], $relExtDir);
181
182
                if ($pos === false && isset($GLOBALS['TYPO3_LOADED_EXT'][EXT_KEY]['ext_localconf.php'])) {

183
184
185
186
187
188
189
190
191
192
193
194
195
196
                    // probably: index.php - THERE should be a TYPO3 environment.
                    $config[SYSTEM_PATH_EXT] = dirname($GLOBALS['TYPO3_LOADED_EXT'][EXT_KEY]['ext_localconf.php']);
                } else {
                    $config[SYSTEM_PATH_EXT] = substr($_SERVER['SCRIPT_FILENAME'], 0, $pos + strlen($relExtDir));
                }
            }
        }

        // make SQL PATH absolute. This is necessary to work in different directories correctly.
        if (isset($config[SYSTEM_SQL_LOG]) && $config[SYSTEM_SQL_LOG][0] !== '/') {
            $config[SYSTEM_SQL_LOG] = $config[SYSTEM_PATH_EXT] . '/' . $config[SYSTEM_SQL_LOG];
        }


197
        self::setVarArray($config, STORE_SYSTEM, true);
198
199
    }

200
201
202
    /**
     * @param array $dataArray
     * @param $store
203
     * @param bool|false $flagOverwrite
204
     * @throws UserFormException
205
     * @throws \qfq\CodeException
206
     */
207
    public function setVarArray(array $dataArray, $store, $flagOverwrite = false) {
Carsten  Rose's avatar
Carsten Rose committed
208
        // Check valid Storename
Carsten  Rose's avatar
Carsten Rose committed
209
        if (!isset(self::$sanitizeStore))
210
            throw new UserFormException("Unknown Store: $store", ERROR_UNNOWN_STORE);
Carsten  Rose's avatar
Carsten Rose committed
211
212


213
        if ($store === STORE_ZERO)
Carsten  Rose's avatar
Carsten Rose committed
214
            throw new CodeException("setVarArray() for STORE_ZERO is impossible - there are no values.", ERROR_SET_STORE_ZERO);
215

Carsten  Rose's avatar
Carsten Rose committed
216
        if (!$flagOverwrite && isset(self::$raw[$store]) && count(self::$raw[$store]) > 0) {
217
            throw new CodeException("Raw values already been copied to store '$store'. Do this only one time.", ERROR_STORE_VALUE_ALREADY_CODPIED);
218
        }
219

220
221
        self::$raw[$store] = $dataArray;
    }
222

223
224
225
226
    /**
     * @param $bodytext
     * @throws CodeException
     */
227
228
    private function fillStoreTypo3($bodytext) {

229
        $arr = KeyValueStringParser::parse($bodytext, "=", "\n");
230
231
232
233
234
235
236
237
238

        if (isset($GLOBALS["TSFE"]->fe_user->user["username"]))
            $arr[TYPO3_FE_USER] = $GLOBALS["TSFE"]->fe_user->user["username"];

        if (isset($GLOBALS["TSFE"]->fe_user->user["uid"]))
            $arr[TYPO3_FE_USER_UID] = $GLOBALS["TSFE"]->fe_user->user["uid"];

        if (isset($GLOBALS["TSFE"]->fe_user->user["usergroup"]))
            $arr[TYPO3_FE_USER_GROUP] = $GLOBALS["TSFE"]->fe_user->user["usergroup"];
239

Carsten  Rose's avatar
Carsten Rose committed
240
241
242
        if (isset($GLOBALS["TSFE"]->page["uid"]))
            $arr[TYPO3_TT_CONTENT_UID] = $GLOBALS["TSFE"]->page["uid"];

243
244
245
        if (isset($GLOBALS["TSFE"]->id))
            $arr[TYPO3_PAGE_ID] = $GLOBALS["TSFE"]->id;

Carsten  Rose's avatar
Carsten Rose committed
246
247
248
        if (isset($GLOBALS["TSFE"]->type))
            $arr[TYPO3_PAGE_TYPE] = $GLOBALS["TSFE"]->type;

249
250
251
        if (isset($GLOBALS["TSFE"]->sys_language_uid))
            $arr[TYPO3_PAGE_LANGUAGE] = $GLOBALS["TSFE"]->sys_language_uid;

252
        self::setVarArray($arr, STORE_TYPO3, true);
253
    }
254

255
256
257
258
    /**
     * @throws CodeException
     */
    private function fillStoreClient() {
259
260
        // copy GET and POST and SERVER Parameter. Priority: SERVER, POST, GET
        $arr = array_merge($_GET, $_POST, $_SERVER);
261

262
        self::setVarArray($arr, STORE_CLIENT, true);
263
    }
264

Carsten  Rose's avatar
Carsten Rose committed
265
266
    /**
     * @throws CodeException
267
     * @throws UserFormException
Carsten  Rose's avatar
Carsten Rose committed
268
     */
269
    private function fillStoreSip() {
Carsten  Rose's avatar
Carsten Rose committed
270

271
        $sessionName = self::getVar(SYSTEM_SESSION_NAME, STORE_SYSTEM);
272
        self::$sip = new Sip($sessionName);
273

274
275
276
277
        $s = self::getVar(CLIENT_SIP, STORE_CLIENT);
        if ($s !== false) {
            // if session is given, copy values to store
            $param = self::$sip->getVarsFromSip($s);
278
279
            $param[SIP_SIP] = $s;
            $param[SIP_URLPARAM] = self::$sip->getQueryStringFromSip($s);
280

281
//            self::setVarArray(KeyValueStringParser::parse($param, "=", "&"), STORE_SIP);
282
            self::setVarArray($param, STORE_SIP, true);
283
284
285
        }
    }

286
    /**
287
     * Cycles through all stores in $useStore.
288
     * First match will return the found value.
Carsten  Rose's avatar
Carsten Rose committed
289
     * During cycling: fill cache with requestet value and sanitize raw value.
290
     *
291
     * @param string $key
292
     * @param string $useStores f.e.: 'FSRD'
Carsten  Rose's avatar
Carsten Rose committed
293
     * @param string $sanitizeClass
Carsten  Rose's avatar
Carsten Rose committed
294
     * @param string $foundInStore Returns the name of the store where $key has been found. If $key is not found, return ''.
295
     * @return string a) if found: value, b) false
Carsten  Rose's avatar
Carsten Rose committed
296
     * @throws \qfq\CodeException
297
     */
Carsten  Rose's avatar
Carsten Rose committed
298
    public static function getVar($key, $useStores = STORE_USE_DEFAULT, $sanitizeClass = '', &$foundInStore = '') {
299
300

        // no store specifed?
301
        if ($useStores === "" || $useStores === null) {
302
            $useStores = STORE_USE_DEFAULT;
303
304
        }

305
        // no sanitizeClass specified: take predefined (if exist) or default.
306
        if ($sanitizeClass === '' || $sanitizeClass === null) {
Carsten  Rose's avatar
Carsten Rose committed
307
            $sanitizeClass = isset(self::$sanitizeClass[$key]) ? self::$sanitizeClass[$key] : SANITIZE_DEFAULT;
308
309
        }

310
311
312
        while ($useStores !== false) {

            $store = substr($useStores, 0, 1); // next store
Carsten  Rose's avatar
Carsten Rose committed
313
            $foundInStore = $store;
314
315
            $useStores = substr($useStores, 1); // shift left remaining stores

316
            if (!isset(self::$raw[$store][$key])) {
317
                if ($store === STORE_ZERO) {
Carsten  Rose's avatar
Carsten Rose committed
318
319
320
321
                    return 0;
                } else {
                    continue; // no value provided
                }
322
323
            }

324
            $rawVal = isset(self::$raw[$store][$key]) ? self::$raw[$store][$key] : null;
Carsten  Rose's avatar
Carsten Rose committed
325
            if (self::$sanitizeStore[$store] && $sanitizeClass != '') {
326
327
328
329
330
331
//                return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass);
                if ($sanitizeClass == SANITIZE_ALLOW_PATTERN || $sanitizeClass == SANITIZE_ALLOW_MIN_MAX || $sanitizeClass == SANITIZE_ALLOW_MIN_MAX_DATE) {
                    // We do not have any pattern or min|max values at this point. For those who be affected, they already checked earlier. So set 'no check'
                    $sanitizeClass = SANITIZE_ALLOW_ALL;
                }
                return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass, '', SANATIZE_EMPTY_STRING);
332
333
            } else {
                return $rawVal;
334
            }
335
        }
Carsten  Rose's avatar
Carsten Rose committed
336
        $foundInStore = '';
337
        return false;
338
    }
339

340
341
    /**
     * @param string $bodytext
342
     * @param bool|false $phpUnit
343
     * @return null|\qfq\Store
344
     */
345
    public static function getInstance($bodytext = '', $phpUnit = false) {
346

347
        if ($phpUnit) {
348
349
350
351
352
353
354
            if (self::$instance !== null) {

                self::unsetStore(STORE_TYPO3);
                self::fillStoreTypo3($bodytext);

                self::unsetStore(STORE_CLIENT);
                self::fillStoreClient();
355
356
357
358
359
            }
        }

        // Design Pattern: Singleton
        if (self::$instance === null) {
360
361
362
            self::$phpUnit = $phpUnit;

            self::$instance = new self($bodytext);
Carsten  Rose's avatar
Carsten Rose committed
363
364
365
366
        } else {
            // Class Store seems to be presistent over multiple QFQ instantiation. Set bodytext again, with every new request (if bodytext is given).
            if ($bodytext !== '')
                self::fillStoreTypo3($bodytext);
367
368
369
        }

        return self::$instance;
370
    }
371

372

373
374
375
376
    /**
     * @param $store
     */
    public static function unsetStore($store) {
Carsten  Rose's avatar
Carsten Rose committed
377
        // Check valid Storename
Carsten  Rose's avatar
Carsten Rose committed
378
        if (!isset(self::$sanitizeStore))
379
            throw new UserFormException("Unknown Store: $store", ERROR_UNNOWN_STORE);
Carsten  Rose's avatar
Carsten Rose committed
380

381
        if ($store === STORE_ZERO)
Carsten  Rose's avatar
Carsten Rose committed
382
383
            throw new CodeException("unsetStore() for STORE_ZERO is impossible - there are no values.", ERROR_SET_STORE_ZERO);

384
385
386
        if (isset(self::$raw[$store])) {
            self::$raw[$store] = array();
        }
Carsten  Rose's avatar
Carsten Rose committed
387

388
389
    }

390
391
392
393
    /**
     * @param $formName
     * @throws CodeException
     */
394
395
    public
    static function createSipAfterFormLoad($formName) {
396
        $recordId = self::getVar(CLIENT_RECORD_ID, STORE_TYPO3 . STORE_CLIENT);
397
398
399
400
401
402
403
        if ($recordId === false) {
            $recordId = 0;
        }

        $tmpParam = [SIP_RECORD_ID => $recordId, SIP_FORM => $formName];

        // Construct fake urlparam
404
        $tmpUrlparam = OnArray::toString($tmpParam);
405
406

        // Create a fake SIP which has never been passed by URL - further processing might expect this to exist.
407
        $sip = self::getSipInstance()->queryStringToSip($tmpUrlparam, RETURN_SIP);
408
        self::setVar(CLIENT_SIP, $sip, STORE_CLIENT);
409
410
411
412
413

        // Store in SIP Store (cause it's empty until now).
        $tmpParam[SIP_SIP] = $sip;
        self::setVarArray($tmpParam, STORE_SIP);

414
415
416
    }

    /**
417
     * @return null|Sip
418
     */
419
    public static function getSipInstance() {
420
421
        return self::$sip;
    }
422
423
424
425
426

    /**
     * @param $key
     * @param $value
     * @param $store
Carsten  Rose's avatar
Carsten Rose committed
427
     * @param bool|true $overWrite
428
     * @throws UserFormException
429
     */
Carsten  Rose's avatar
Carsten Rose committed
430
431
    public static function setVar($key, $value, $store, $overWrite = true) {
        // Check valid Storename
Carsten  Rose's avatar
Carsten Rose committed
432
        if (!isset(self::$sanitizeStore))
433
            throw new UserFormException("Unknown Store: $store", ERROR_UNNOWN_STORE);
Carsten  Rose's avatar
Carsten Rose committed
434

435
        if ($store === STORE_ZERO)
Carsten  Rose's avatar
Carsten Rose committed
436
437
438
            throw new CodeException("setVar() for STORE_ZERO is impossible - there are no values.", ERROR_SET_STORE_ZERO);

        if ($overWrite === false && isset(self::$raw[$store][$key])) {
439
            throw new UserFormException("Value of '$key' already be set in store '$store'.", ERROR_STORE_KEY_EXIST);
Carsten  Rose's avatar
Carsten Rose committed
440
        }
441
442

        self::$raw[$store][$key] = $value;
443
444
445
446
447
448
449
    }

    /**
     * @param $store
     * @return mixed
     */
    public static function getStore($store) {
Carsten  Rose's avatar
Carsten Rose committed
450
        // Check valid Storename
Carsten  Rose's avatar
Carsten Rose committed
451
        if (!isset(self::$sanitizeStore[$store]))
452
            throw new UserFormException("Unknown Store: $store", ERROR_UNNOWN_STORE);
Carsten  Rose's avatar
Carsten Rose committed
453

454
        if ($store === STORE_ZERO)
Carsten  Rose's avatar
Carsten Rose committed
455
456
            throw new CodeException("getStore() for STORE_ZERO is impossible - there are no values saved.", ERROR_GET_STORE_ZERO);

457
458
459
460
461
        if (isset(self::$raw[$store])) {
            return self::$raw[$store];
        }
        return array();
    }
462

Carsten  Rose's avatar
Carsten Rose committed
463

464
    /**
Carsten  Rose's avatar
Carsten Rose committed
465
466
     * Fills STORE_TABLE_DEFAULT and STORE_TABLE_COLUMN_TYPES
     *
467
468
469
     * @param $tableName
     * @throws CodeException
     */
470
    public function fillStoreTableDefaultColumnType($tableName) {
471
472
473
474
        $db = new qfq\Database();

        $tableDefinition = $db->getTableDefinition($tableName);

Carsten  Rose's avatar
Carsten Rose committed
475
476
        self::setVarArray(array_column($tableDefinition, 'Default', 'Field'), STORE_TABLE_DEFAULT, true);
        self::setVarArray(array_column($tableDefinition, 'Type', 'Field'), STORE_TABLE_COLUMN_TYPES, true);
477
    }
478
479
480
481
482
}