diff --git a/core/core.services.yml b/core/core.services.yml index 402d6ee..25831a7 100644 --- a/core/core.services.yml +++ b/core/core.services.yml @@ -164,6 +164,11 @@ services: arguments: ['@access_check.theme'] calls: - [setRequest, ['@request']] + theme_negotiator_request_subscriber: + class: Drupal\Core\EventSubscriber\ThemeNegotiatorRequestSubscriber + tags: + - { name: event_subscriber } + arguments: ['@theme.negotiator'] theme.negotiator.default: class: Drupal\Core\Theme\DefaultNegotiator arguments: ['@config.factory'] diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc index be8c695..710d552 100644 --- a/core/includes/bootstrap.inc +++ b/core/includes/bootstrap.inc @@ -215,7 +215,10 @@ * * This strips two levels of directories off the current directory. */ -define('DRUPAL_ROOT', dirname(dirname(__DIR__))); +// @todo Remove this - only needed so drush si will install for testbot. +if (!defined('DRUPAL_ROOT')) { + define('DRUPAL_ROOT', dirname(dirname(__DIR__))); +} /** * Returns the appropriate configuration directory. @@ -233,33 +236,16 @@ * @param bool $reset * Force a full search for matching directories even if one had been * found previously. Defaults to FALSE. + * @param \Symfony\Component\HttpFoundation\Request $request + * The current request. * - * @return + * @return false|string * The path of the matching directory. - * * @see default.settings.php + * @deprecated see \Drupal\Core\DrupalKernel::confPath() */ -function conf_path($require_settings = TRUE, $reset = FALSE) { - $conf_path = &drupal_static(__FUNCTION__, ''); - - if ($conf_path && !$reset) { - return $conf_path; - } - - // Check for a simpletest override. - if ($simpletest_conf_path = _drupal_simpletest_conf_path()) { - $conf_path = $simpletest_conf_path; - return $conf_path; - } - - // Otherwise, use the normal $conf_path. - $script_name = $_SERVER['SCRIPT_NAME']; - if (!$script_name) { - $script_name = $_SERVER['SCRIPT_FILENAME']; - } - $http_host = $_SERVER['HTTP_HOST']; - $conf_path = find_conf_path($http_host, $script_name, $require_settings); - return $conf_path; +function conf_path($require_settings = TRUE, $reset = FALSE, Request $request = NULL) { + return DrupalKernel::confPath($request, $require_settings, $reset); } /** @@ -1632,7 +1618,9 @@ function drupal_bootstrap($phase = NULL) { switch ($current_phase) { case DRUPAL_BOOTSTRAP_CONFIGURATION: - _drupal_bootstrap_configuration(); + // @todo This is only called from Legacy CLI scripts like drush. + // Remove when they use the Drupal Kernel proper. + DrupalKernel::bootConfiguration(Request::createFromGlobals()); break; case DRUPAL_BOOTSTRAP_KERNEL: @@ -1658,54 +1646,6 @@ function drupal_bootstrap($phase = NULL) { } /** - * Handles an entire PHP request. - * - * This function may be called by PHP scripts (e.g., Drupal's index.php) that - * want Drupal to take over the entire PHP processing of the request. The only - * expectation is that PHP's superglobals are initialized as desired (PHP does - * this automatically, but some scripts might want to alter them) and that the - * DRUPAL_ROOT constant is defined and set to the absolute server directory of - * Drupal's codebase. - * - * Scripts and applications that want to invoke multiple Drupal requests within - * a single PHP request, or Drupal request handling within some larger workflow, - * should not call this function, but instead instantiate and use - * \Drupal\Core\DrupalKernel as needed. - * - * @param boolean $test_only - * Whether to restrict handling to only requests invoked by SimpleTest. - * - * @see index.php - */ -function drupal_handle_request($test_only = FALSE) { - // Initialize the environment, load settings.php, and activate a PSR-0 class - // autoloader with required namespaces registered. - drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION); - - // Exit if we should be in a test environment but aren't. - if ($test_only && !drupal_valid_test_ua()) { - header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); - exit; - } - - $kernel = new DrupalKernel('prod', drupal_classloader(), !$test_only); - - // @todo Remove this once everything in the bootstrap has been - // converted to services in the DIC. - $kernel->boot(); - - // Create a request object from the HttpFoundation. - $request = Request::createFromGlobals(); - \Drupal::getContainer()->set('request', $request); - - drupal_bootstrap(DRUPAL_BOOTSTRAP_CODE); - - $response = $kernel->handle($request)->prepare($request)->send(); - - $kernel->terminate($request, $response); -} - -/** * Returns the time zone of the current user. */ function drupal_get_user_timezone() { @@ -1785,42 +1725,6 @@ function _drupal_exception_handler($exception) { } /** - * Sets up the script environment and loads settings.php. - */ -function _drupal_bootstrap_configuration() { - drupal_environment_initialize(); - // Initialize the configuration, including variables from settings.php. - drupal_settings_initialize(); - - // Make sure we are using the test database prefix in child Drupal sites. - _drupal_initialize_db_test_prefix(); - - // Activate the class loader. - drupal_classloader(); - - // Start a page timer: - Timer::start('page'); - - // Detect string handling method. - Unicode::check(); - - // Load the procedural configuration system helper functions. - require_once __DIR__ . '/config.inc'; - - // Set the Drupal custom error handler. (requires \Drupal::config()) - set_error_handler('_drupal_error_handler'); - set_exception_handler('_drupal_exception_handler'); - - // Redirect the user to the installation script if Drupal has not been - // installed yet (i.e., if no $databases array has been defined in the - // settings.php file) and we are not already installing. - if (empty($GLOBALS['databases']) && !drupal_installation_attempted() && !drupal_is_cli()) { - include_once __DIR__ . '/install.inc'; - install_goto('core/install.php'); - } -} - -/** * Initialize the kernel / service container. */ function _drupal_bootstrap_kernel() { @@ -2099,7 +2003,7 @@ function _drupal_load_test_overrides($test_prefix) { $filename = conf_path() . '/files/' . $path_prefix . '/settings.php'; if (file_exists($filename)) { $settings = settings()->getAll(); - $conf_path = &drupal_static('conf_path'); + $conf_path = DrupalKernel::confPath(); // This can override $conf, $conf_path, $settings, and $config_directories. include $filename; // Keep the overriden $conf_path alive across drupal_static_reset() calls. @@ -2230,6 +2134,9 @@ function language_default() { /** * Returns the requested URL path of the page being viewed. * + * @param \Symfony\Component\HttpFoundation\Request|NULL $request + * (Optional) The request to derive the request path from. Defaults to NULL + * * Examples: * - http://example.com/node/306 returns "node/306". * - http://example.com/drupalfolder/node/306 returns "node/306" while @@ -2242,39 +2149,11 @@ function language_default() { * @return * The requested Drupal URL path. * + * @deprecated use \Drupal\Core\DrupalKernel::requestPath($request). * @see current_path() */ -function request_path() { - static $path; - - if (isset($path)) { - return $path; - } - - // Get the part of the URI between the base path of the Drupal installation - // and the query string, and unescape it. - $request_path = request_uri(TRUE); - $base_path_len = strlen(rtrim(dirname($_SERVER['SCRIPT_NAME']), '\/')); - $path = substr(urldecode($request_path), $base_path_len + 1); - - // Depending on server configuration, the URI might or might not include the - // script name. For example, the front page might be accessed as - // http://example.com or as http://example.com/index.php, and the "user" - // page might be accessed as http://example.com/user or as - // http://example.com/index.php/user. Strip the script name from $path. - $script = basename($_SERVER['SCRIPT_NAME']); - if ($path == $script) { - $path = ''; - } - elseif (strpos($path, $script . '/') === 0) { - $path = substr($path, strlen($script) + 1); - } - - // Extra slashes can appear in URLs or under some conditions, added by Apache, - // so normalize. - $path = trim($path, '/'); - - return $path; +function request_path(Request $request = NULL) { + DrupalKernel::requestPath($request); } /** @@ -2282,11 +2161,7 @@ function request_path() { * Symfony's Request object exclusively. */ function _current_path($path = NULL) { - static $current_path = ''; - if (isset($path)) { - $current_path = $path; - } - return $current_path; + return DrupalKernel::currentPath($path); } /** diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc index 0a57f16..e4acd21 100644 --- a/core/includes/install.core.inc +++ b/core/includes/install.core.inc @@ -274,9 +274,9 @@ function install_begin_request(&$install_state) { // This primes the site path to be used during installation. By not requiring // settings.php, a bare site folder can be prepared in the /sites directory, // which will be used for installing Drupal. - conf_path(FALSE); + conf_path(FALSE, FALSE, $request); - drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION); + DrupalKernel::bootConfiguration($request); // If the hash salt leaks, it becomes possible to forge a valid testing user // agent, install a new copy of Drupal, and take over the original site. To @@ -1067,7 +1067,7 @@ function install_verify_database_settings() { if (!empty($databases)) { $database = $databases['default']['default']; drupal_static_reset('conf_path'); - $settings_file = './' . conf_path(FALSE) . '/settings.php'; + $settings_file = './' . conf_path(\Drupal::request(), FALSE) . '/settings.php'; $errors = install_database_errors($database, $settings_file); if (empty($errors)) { return TRUE; @@ -2394,7 +2394,7 @@ function install_check_requirements($install_state) { 'description' => t('The @drupal installer requires that the %default-file file not be modified in any way from the original download.', array('@drupal' => drupal_install_profile_distribution_name(), '%default-file' => $default_settings_file)), ); } - // Otherwise, if settings.php does not exist yet, we can try to copy + // Otherwise, if settings.php does nkLaot exist yet, we can try to copy // default.settings.php to create it. elseif (!$exists) { $copied = drupal_verify_install_file($conf_path, FILE_EXIST|FILE_WRITABLE, 'dir') && @copy($default_settings_file, $settings_file); diff --git a/core/includes/theme.inc b/core/includes/theme.inc index 144882b9b..b58cf43 100644 --- a/core/includes/theme.inc +++ b/core/includes/theme.inc @@ -18,6 +18,7 @@ use Drupal\Core\Theme\ThemeSettings; use Drupal\Component\Utility\NestedArray; use Drupal\Component\Utility\MapArray; +use Symfony\Component\HttpFoundation\Request; /** * @defgroup content_flags Content markers @@ -83,10 +84,10 @@ function drupal_theme_access($theme) { /** * Initializes the theme system by loading the theme. */ -function drupal_theme_initialize() { +function drupal_theme_initialize(Request $request = NULL) { global $theme, $user, $theme_key; - // If $theme is already set, assume the others are set, too, and do nothing + // If $theme is already set, assume the others are set, too, and do nothing. if (isset($theme)) { return; } @@ -96,7 +97,9 @@ function drupal_theme_initialize() { // @todo Let the theme.negotiator listen to the kernel request event. // Determine the active theme for the theme negotiator service. This includes // the default theme as well as really specific ones like the ajax base theme. - $request = \Drupal::request(); + if (!$request) { + $request = \Drupal::request(); + } $theme = \Drupal::service('theme.negotiator')->determineActiveTheme($request) ?: 'stark'; // Store the identifier for retrieving theme settings with. diff --git a/core/install.php b/core/install.php index b12947a..fdc19dc 100644 --- a/core/install.php +++ b/core/install.php @@ -9,6 +9,7 @@ chdir('..'); require_once __DIR__ . '/vendor/autoload.php'; +define('DRUPAL_ROOT', dirname(__DIR__)); /** * Global flag to indicate the site is in installation mode. diff --git a/core/lib/Drupal/Core/DrupalKernel.php b/core/lib/Drupal/Core/DrupalKernel.php index 46a7fee..22e4e22 100644 --- a/core/lib/Drupal/Core/DrupalKernel.php +++ b/core/lib/Drupal/Core/DrupalKernel.php @@ -8,6 +8,11 @@ namespace Drupal\Core; use Drupal\Component\PhpStorage\PhpStorageFactory; +use Drupal\Component\Utility\Settings; +use Drupal\Component\Utility\String; +use Drupal\Component\Utility\Timer; +use Drupal\Component\Utility\Unicode; +use Drupal\Component\Utility\Url; use Drupal\Core\Config\BootstrapConfigStorageFactory; use Drupal\Core\CoreServiceProvider; use Drupal\Core\DependencyInjection\ContainerBuilder; @@ -22,6 +27,7 @@ use Symfony\Component\HttpKernel\HttpKernelInterface; use Symfony\Component\HttpKernel\TerminableInterface; use Composer\Autoload\ClassLoader; +use Symfony\Component\HttpKernel\Kernel; /** * The DrupalKernel class is the core of Drupal itself. @@ -41,6 +47,91 @@ class DrupalKernel implements DrupalKernelInterface, TerminableInterface { const CONTAINER_BASE_CLASS = '\Drupal\Core\DependencyInjection\Container'; /** + * Pre bootstrap phase: No bootstrap attempted at all. + */ + const BOOTSTRAP_COLD = -3; + + /** + * Pre bootstrap phase: initialize environment based on incoming Request. + */ + const BOOTSTRAP_ENVIRONMENT = -2; + + /** + * Pre bootstrap phase: initialize settings. + */ + const BOOTSTRAP_SETTINGS = -1; + + /** + * First bootstrap phase: initialize configuration. + */ + const BOOTSTRAP_CONFIGURATION = 0; + + /** + * Second bootstrap phase, initalize a kernel. + */ + const BOOTSTRAP_KERNEL = 1; + + /** + * Third bootstrap phase: try to serve a cached page. + */ + const BOOTSTRAP_PAGE_CACHE = 2; + + /** + * Fourth bootstrap phase: initialize database layer. + */ + const BOOTSTRAP_DATABASE = 3; + + /** + * Fifth bootstrap phase: initialize the variable system. + */ + const BOOTSTRAP_VARIABLES = 4; + + /** + * Sixth bootstrap phase: load code for subsystems and modules. + */ + const BOOTSTRAP_CODE = 5; + + /** + * Final bootstrap phase: initialize language, path, theme, and modules. + */ + const BOOTSTRAP_FULL = 6; + + /** + * Whether or not configuration has been bootstrapped. + * + * @var bool + */ + protected static $bootLevel = self::BOOTSTRAP_COLD; + + /** + * The current request path. + * + * @var string + */ + protected static $requestPath = FALSE; + + /** + * Global DrupalKernel singleton. + * + * @var self + */ + protected static $singleton = FALSE; + + /** + * The current request path. + * + * @var string + */ + protected static $currentPath; + + /** + * The conf path for the given request. + * + * @var string + */ + protected static $confPath = ''; + + /** * Holds the container instance. * * @var \Symfony\Component\DependencyInjection\ContainerInterface @@ -160,26 +251,59 @@ class DrupalKernel implements DrupalKernelInterface, TerminableInterface { * @param bool $allow_dumping * (optional) FALSE to stop the container from being written to or read * from disk. Defaults to TRUE. + * @param bool $test_only + * (optional) Whether the DrupalKernel object is for testing purposes only. + * Defaults to FALSE. */ - public function __construct($environment, ClassLoader $class_loader, $allow_dumping = TRUE) { - $this->environment = $environment; - $this->booted = FALSE; - $this->classLoader = $class_loader; + public function __construct($environment, ClassLoader $class_loader = NULL, $allow_dumping = TRUE, $test_only = FALSE) { $this->allowDumping = $allow_dumping; + $this->testOnly = $test_only; + if ($class_loader) { + $this->classLoader = $class_loader; + } + else { + $this->classLoader = drupal_classloader(); + } } /** - * {@inheritdoc} + * Builds the kernel based on the current request. + * + * @param \Symfony\Component\HttpFoundation\Request $request + * The active request. + * + * @return \Drupal\Core\DrupalKernel + * Returns the built kernel. */ - public function boot() { - if ($this->booted) { - return; - } - $this->initializeContainer(); - $this->booted = TRUE; - if ($this->containerNeedsDumping && !$this->dumpDrupalContainer($this->container, static::CONTAINER_BASE_CLASS)) { - watchdog('DrupalKernel', 'Container cannot be written to disk'); + public static function createFromRequest(Request $request) { + return static::bootCode($request); + } + + /** + * Sets or returns the current request path. + * + * @param string $path + * (optional) Path to set as the current path. If NULL, returns the current + * path. Defaults to NULL. + * + * @return string + * The current path. + */ + public static function currentPath($path = NULL) { + if (isset($path)) { + self::$currentPath = $path; } + return self::$currentPath; + } + + /** + * Sets the classloader. + * + * @param \Composer\Autoload\ClassLoader;ClassLoader $class_loader + * The class loader. + */ + public function setClassLoader(ClassLoader $class_loader) { + $this->classLoader = $class_loader; } /** @@ -203,13 +327,502 @@ public function getContainer() { /** * {@inheritdoc} */ + public function boot() { + if ($this->booted) { + return; + } + $this->initializeContainer(); + $this->booted = TRUE; + if ($this->containerNeedsDumping && !$this->dumpDrupalContainer($this->container, static::CONTAINER_BASE_CLASS)) { + watchdog('DrupalKernel', 'Container cannot be written to disk'); + } + } + + /** + * Sets testOnly property. + * + * @param bool $test_only + * Whether this is a test only. + * + * @see core/modules/system/tests/https.php + * @see core/modules/system/tests/http.php + * + * @todo Drop this and use a Request attribute instead. + * + * @return $this + */ + public function setTestOnly($test_only) { + $this->testOnly = $test_only; + return $this; + } + + /** + * Handle the request. + * + * @param \Symfony\Component\HttpFoundation\Request; $request + * The request. + * @param int $type + * Request type. + * @param bool $catch + * Catch errors. + * + * @return \Symfony\Component\HttpFoundation\Response + * The response. + */ + public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) { + // Exit if we should be in a test environment but aren't. + // @todo Refactor this into a test kernel. + if ($this->testOnly && !drupal_valid_test_ua()) { + header($request->server->get('SERVER_PROTOCOL') . ' 403 Forbidden'); + exit; + } + + return $this->getHttpKernel()->handle($request, $type, $catch); + } + + /** + * Bootstraps configuration (config.inc and config()). + * + * @param \Symfony\Component\HttpFoundation\Request $request + * The current request. + */ + public static function bootConfiguration(Request $request) { + if (static::$bootLevel >= self::BOOTSTRAP_CONFIGURATION) { + return; + } + static::bootSettings($request); + // Start a page timer: + Timer::start('page'); + + // Detect string handling method. + Unicode::check(); + + // Load the procedural configuration system helper functions. + require_once DRUPAL_ROOT . '/core/includes/config.inc'; + + // Set the Drupal custom error handler. (requires config()) + set_error_handler('_drupal_error_handler'); + set_exception_handler('_drupal_exception_handler'); + + // Redirect the user to the installation script if Drupal has not been + // installed yet (i.e., if no $databases array has been defined in the + // settings.php file) and we are not already installing. + if (empty($GLOBALS['databases']) && !drupal_installation_attempted()) { + include_once __DIR__ . '/install.inc'; + install_goto('core/install.php'); + } + static::$bootLevel = self::BOOTSTRAP_CONFIGURATION; + } + + /** + * Returns the requested URL path of the page being viewed. + * + * @param \Symfony\Component\HttpFoundation\Request|NULL $request + * (Optional) The request to derive the request path from. Defaults to NULL + * + * Examples: + * - http://example.com/node/306 returns "node/306". + * - http://example.com/drupalfolder/node/306 returns "node/306" while + * base_path() returns "/drupalfolder/". + * - http://example.com/path/alias (which is a path alias for node/306) + * returns "path/alias" as opposed to the internal path. + * - http://example.com/index.php returns an empty string (meaning: front + * page). + * - http://example.com/index.php?page=1 returns an empty string. + * + * @return string + * The requested Drupal URL path. + */ + public static function requestPath(Request $request = NULL) { + if (!$request) { + // @todo Do we even need this? + $request = \Drupal::request(); + } + if (static::$requestPath) { + return static::$requestPath; + } + + // Get the part of the URI between the base path of the Drupal installation + // and the query string, and unescape it. + $request_path = request_uri(TRUE); + $base_path_len = strlen(rtrim(dirname($request->server->get('SCRIPT_NAME')), '\/')); + static::$requestPath = substr(urldecode($request_path), $base_path_len + 1); + + // Depending on server configuration, the URI might or might not include the + // script name. For example, the front page might be accessed as + // http://example.com or as http://example.com/index.php, and the "user" + // page might be accessed as http://example.com/user or as + // http://example.com/index.php/user. Strip the script name from $path. + $script = basename($request->server->get('SCRIPT_NAME')); + if (static::$requestPath == $script) { + static::$requestPath = ''; + } + elseif (strpos(static::$requestPath, $script . '/') === 0) { + $path = substr($path, strlen($script) + 1); + } + + // Extra slashes can appear in URLs or under some conditions, added by + // Apache so normalize. + static::$requestPath = trim(static::$requestPath, '/'); + + return static::$requestPath; + } + + /** + * Bootstraps the environment. + * + * @param \Symfony\Component\HttpFoundation\Request $request + * The current request. + */ + public static function bootEnvironment(Request $request) { + if (static::$bootLevel >= self::BOOTSTRAP_ENVIRONMENT) { + return; + } + require_once DRUPAL_ROOT . '/core/includes/bootstrap.inc'; + // Make sure the \Drupal class is available. + // @todo Remove this if not needed. + // require_once DRUPAL_ROOT . '/core/lib/Drupal.php'; + + if (!$request->server->has('HTTP_REFERER')) { + $request->server->set('HTTP_REFERER', ''); + } + if (!$request->server->has('SERVER_PROTOCOL') || (!in_array($request->server->get('SERVER_PROTOCOL'), array('HTTP/1.0', 'HTTP/1.1')))) { + $request->server->set('SERVER_PROTOCOL', 'HTTP/1.0'); + } + + // Some pre-HTTP/1.1 clients will not send a Host header. Ensure the key + // is defined for E_ALL compliance. + $host = ''; + if ($request->server->has('HTTP_HOST')) { + // As HTTP_HOST is user input, ensure it only contains characters allowed + // in hostnames. See RFC 952 (and RFC 2181). + // $_SERVER['HTTP_HOST'] is lowercased here per specifications. + $host = strtolower($request->server->get('HTTP_HOST')); + if (!preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host)) { + // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack. + header($request->server->get('SERVER_PROTOCOL') . ' 400 Bad Request'); + exit; + } + } + $request->server->set('HTTP_HOST', $host); + + // @todo Refactor with the Symfony Request object. + static::currentPath(static::requestPath($request)); + + // Enforce E_STRICT, but allow users to set levels not part of E_STRICT. + error_reporting(E_STRICT | E_ALL | error_reporting()); + + // Override PHP settings required for Drupal to work properly. + // sites/default/default.settings.php contains more runtime settings. + // The .htaccess file contains settings that cannot be changed at runtime. + // Deny execution with enabled "magic quotes" (both GPC and runtime). + if (get_magic_quotes_gpc() || get_magic_quotes_runtime()) { + header($request->server->get('SERVER_PROTOCOL') . ' 500 Internal Server Error'); + print "PHP's 'magic_quotes_gpc' and 'magic_quotes_runtime' settings are not supported and must be disabled."; + exit; + } + + // Use session cookies, not transparent sessions that puts the session id in + // the query string. + ini_set('session.use_cookies', '1'); + ini_set('session.use_only_cookies', '1'); + ini_set('session.use_trans_sid', '0'); + // Don't send HTTP headers using PHP's session handler. + // Send an empty string to disable the cache limiter. + ini_set('session.cache_limiter', ''); + // Use httponly session cookies. + ini_set('session.cookie_httponly', '1'); + + // Set sane locale settings, to ensure consistent string, dates, times and + // numbers handling. + setlocale(LC_ALL, 'C'); + static::$bootLevel = self::BOOTSTRAP_ENVIRONMENT; + } + + /** + * Returns the appropriate configuration directory. + * + * Returns the configuration path based on the site's hostname, port, and + * pathname. Uses find_conf_path() to find the current configuration + * directory. See default.settings.php for examples on how the URL is + * converted to a directory. + * + * @param \Symfony\Component\HttpFoundation\Request $request + * (optional) The current request. If not passed, defaults to request as + * stored in the container at \Drupal::request(). + * @param bool $require_settings + * Only configuration directories with an existing settings.php file + * will be recognized. Defaults to TRUE. During initial installation, + * this is set to FALSE so that Drupal can detect a matching directory, + * then create a new settings.php file in it. + * @param bool $reset + * Force a full search for matching directories even if one had been + * found previously. Defaults to FALSE. + * + * @return false|string + * The path of the matching directory. + * @see default.settings.php + */ + public static function confPath(Request $request = NULL, $require_settings = TRUE, $reset = FALSE) { + if (static::$confPath && !$reset) { + return static::$confPath; + } + $container = \Drupal::getContainer(); + if ($container && $container->has('request')) { + $request = $request ?: $container->get('request'); + } + else { + // CLI or other script that doesn't yet handle creating the kernel from a + // request. Build it for them. + // @todo Remove once all CLI integration, drush etc uses the static + // createFromRequest() method to build the kernel. + $request = $request ?: Request::createFromGlobals(); + } + + // Check for a simpletest override. + if ($simpletest_conf_path = _drupal_simpletest_conf_path()) { + static::$confPath = $simpletest_conf_path; + return static::$confPath; + } + + // Otherwise, use the normal $conf_path. + $script_name = $request->server->get('SCRIPT_NAME'); + if (!$script_name) { + $script_name = $request->server->get('SCRIPT_FILENAME'); + } + $http_host = $request->server->get('HTTP_HOST'); + static::$confPath = find_conf_path($http_host, $script_name, $require_settings); + return static::$confPath; + } + + /** + * Bootstraps the settings() system. + * + * @param \Symfony\Component\HttpFoundation $request + * The current request. + */ + public static function bootSettings(Request $request) { + if (static::$bootLevel >= self::BOOTSTRAP_SETTINGS) { + return; + } + static::bootEnvironment($request); + global $base_url, $base_path, $base_root, $script_path; + + // Export these settings.php variables to the global namespace. + global $databases, $cookie_domain, $conf, $db_prefix, $drupal_hash_salt, $base_secure_url, $base_insecure_url, $config_directories; + $conf = array(); + + // Make conf_path() available as local variable in settings.php. + $conf_path = static::confPath($request, TRUE, FALSE); + if (is_readable(DRUPAL_ROOT . '/' . $conf_path . '/settings.php')) { + include_once DRUPAL_ROOT . '/' . $conf_path . '/settings.php'; + } + require_once DRUPAL_ROOT . '/core/lib/Drupal/Component/Utility/Settings.php'; + new Settings(isset($settings) ? $settings : array()); + $is_https = (strtolower($request->server->get('HTTPS')) == 'on'); + + if (isset($base_url)) { + // Parse fixed base URL from settings.php. + $parts = parse_url($base_url); + if (!isset($parts['path'])) { + $parts['path'] = ''; + } + $base_path = $parts['path'] . '/'; + // Build $base_root (everything until first slash after "scheme://"). + $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path'])); + } + else { + // Create base URL. + $http_protocol = $is_https ? 'https' : 'http'; + $base_root = $http_protocol . '://' . $request->server->get('HTTP_HOST'); + + $base_url = $base_root; + + // For a request URI of '/index.php/foo', $_SERVER['SCRIPT_NAME'] is + // '/index.php', whereas $_SERVER['PHP_SELF'] is '/index.php/foo'. + if ($dir = rtrim(dirname($request->server->get('SCRIPT_NAME')), '\/')) { + // Remove "core" directory if present, allowing install.php, update.php, + // and others to auto-detect a base path. + $core_position = strrpos($dir, '/core'); + if ($core_position !== FALSE && strlen($dir) - 5 == $core_position) { + $base_path = substr($dir, 0, $core_position); + } + else { + $base_path = $dir; + } + $base_url .= $base_path; + $base_path .= '/'; + } + else { + $base_path = '/'; + } + } + $base_secure_url = str_replace('http://', 'https://', $base_url); + $base_insecure_url = str_replace('https://', 'http://', $base_url); + + // Determine the path of the script relative to the base path, and add a + // trailing slash. This is needed for creating URLs to Drupal pages. + if (!isset($script_path)) { + $script_path = ''; + // We don't expect scripts outside of the base path, but sanity check + // anyway. + if (strpos($request->server->get('SCRIPT_NAME'), $base_path) === 0) { + $script_path = substr($request->server->get('SCRIPT_NAME'), strlen($base_path)) . '/'; + // If the request URI does not contain the script name, then clean URLs + // are in effect and the script path can be similarly dropped from URL + // generation. For servers that don't provide $_SERVER['REQUEST_URI'], + // we do not know the actual URI requested by the client, and + // request_uri() returns a URI with the script name, resulting in + // non-clean URLs unless + // there's other code that intervenes. + if (strpos(request_uri(TRUE) . '/', $base_path . $script_path) !== 0) { + $script_path = ''; + } + // @todo Temporary BC for install.php, update.php, and other scripts. + // - http://drupal.org/node/1547184 + // - http://drupal.org/node/1546082 + if ($script_path !== 'index.php/') { + $script_path = ''; + } + } + } + + if ($cookie_domain) { + // If the user specifies the cookie domain, also use it for session name. + $session_name = $cookie_domain; + } + else { + // Otherwise use $base_url as session name, without the protocol + // to use the same session identifiers across HTTP and HTTPS. + list(, $session_name) = explode('://', $base_url, 2); + // HTTP_HOST can be modified by a visitor, but we already sanitized it + // in drupal_settings_initialize(). + if ($cookie_domain = $request->server->get('HTTP_HOST')) { + // Strip leading periods, www., and port numbers from cookie domain. + $cookie_domain = ltrim($cookie_domain, '.'); + if (strpos($cookie_domain, 'www.') === 0) { + $cookie_domain = substr($cookie_domain, 4); + } + $cookie_domain = explode(':', $cookie_domain); + $cookie_domain = '.' . $cookie_domain[0]; + } + } + // Per RFC 2109, cookie domains must contain at least one dot other than the + // first. For hosts such as 'localhost' or IP Addresses we don't set a + // cookie domain. + if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) { + ini_set('session.cookie_domain', $cookie_domain); + } + // To prevent session cookies from being hijacked, a user can configure the + // SSL version of their website to only transfer session cookies via SSL by + // using PHP's session.cookie_secure setting. The browser will then use two + // separate session cookies for the HTTPS and HTTP versions of the site. So + // we must use different session identifiers for HTTPS and HTTP to prevent a + // cookie collision. + if ($is_https) { + ini_set('session.cookie_secure', TRUE); + } + $prefix = ini_get('session.cookie_secure') ? 'SSESS' : 'SESS'; + session_name($prefix . substr(hash('sha256', $session_name), 0, 32)); + static::$bootLevel = self::BOOTSTRAP_SETTINGS; + } + + /** + * Bootstraps code from include and module files. + * + * @param \Symfony\Component\HttpFoundation\Request $request + * The current request. + * @param string $environment + * The environment to bootstrap. + * + * @return \Drupal\Core\DrupalKernel + * The bootstapped kernel. + */ + public static function bootCode(Request $request, $environment = 'prod') { + if (static::$bootLevel >= self::BOOTSTRAP_CODE) { + return static::$singleton; + } + static::bootConfiguration($request); + global $conf; + $test_only = FALSE; + if (drupal_valid_test_ua()) { + // Make sure we are using the test database prefix in child Drupal sites. + // @todo Refactor this into a test kernel. + _drupal_initialize_db_test_prefix(); + + // @todo - Later we can just boot it as such when testing via the kernel. + $environment = 'testing'; + $test_only = TRUE; + } + static::$singleton = new static($environment, drupal_classloader(), TRUE, $test_only); + static::$singleton->boot(); + require_once DRUPAL_ROOT . '/core/includes/../../' . settings()->get('path_inc', 'core/includes/path.inc'); + require_once DRUPAL_ROOT . '/core/includes/theme.inc'; + require_once DRUPAL_ROOT . '/core/includes/pager.inc'; + require_once DRUPAL_ROOT . '/core/includes/../../' . settings()->get('menu_inc', 'core/includes/menu.inc'); + require_once DRUPAL_ROOT . '/core/includes/tablesort.inc'; + require_once DRUPAL_ROOT . '/core/includes/file.inc'; + require_once DRUPAL_ROOT . '/core/includes/unicode.inc'; + require_once DRUPAL_ROOT . '/core/includes/form.inc'; + require_once DRUPAL_ROOT . '/core/includes/mail.inc'; + require_once DRUPAL_ROOT . '/core/includes/ajax.inc'; + require_once DRUPAL_ROOT . '/core/includes/errors.inc'; + require_once DRUPAL_ROOT . '/core/includes/schema.inc'; + require_once DRUPAL_ROOT . '/core/includes/entity.inc'; + require_once DRUPAL_ROOT . '/core/includes/database.inc'; + require_once DRUPAL_ROOT . '/core/includes/common.inc'; + require_once DRUPAL_ROOT . '/core/includes/module.inc'; + require_once DRUPAL_ROOT . '/core/includes/cache.inc'; + + // Load variables from the database, but do not overwrite variables set in + // settings.php. + $conf = variable_initialize(isset($conf) ? $conf : array()); + + // Load all enabled modules. + \Drupal::moduleHandler()->loadAll(); + + // Enter the request scope so that current_user service is available for + // locale/translation sake. + static::$singleton->container->enterScope('request'); + static::$singleton->container->set('request', $request); + // Make sure all stream wrappers are registered. + file_get_stream_wrappers(); + + // Now that stream wrappers are registered, log fatal errors from a + // simpletest child site to a test specific file directory. + $test_info = &$GLOBALS['drupal_test_info']; + if (!empty($test_info['in_child_site'])) { + ini_set('log_errors', 1); + ini_set('error_log', 'public://error.log'); + } + + // Set the allowed protocols once we have the config available. + $allowed_protocols = \Drupal::config('system.filter')->get('protocols'); + if (!isset($allowed_protocols)) { + // filter_xss_admin() is called by the installer and update.php, in which + // case the configuration may not exist (yet). Provide a minimal default + // set of allowed protocols for these cases. + $allowed_protocols = array('http', 'https'); + } + Url::setAllowedProtocols($allowed_protocols); + static::$singleton->container->leaveScope('request'); + + return static::$singleton; + } + + /** + * Returns an array of available bundles. + * + * @return array + * The available bundles. + */ public function discoverServiceProviders() { $this->configStorage = BootstrapConfigStorageFactory::get(); $serviceProviders = array( 'CoreServiceProvider' => new CoreServiceProvider(), ); $this->serviceYamls = array( - 'core/core.services.yml' + 'core/core.services.yml', ); $this->serviceProviderClasses = array('Drupal\Core\CoreServiceProvider'); @@ -273,17 +886,6 @@ public function terminate(Request $request, Response $response) { } /** - * {@inheritdoc} - */ - public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = TRUE) { - if (FALSE === $this->booted) { - $this->boot(); - } - - return $this->getHttpKernel()->handle($request, $type, $catch); - } - - /** * Returns module data on the filesystem. * * @param $module diff --git a/core/lib/Drupal/Core/EventSubscriber/ThemeNegotiatorRequestSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/ThemeNegotiatorRequestSubscriber.php new file mode 100644 index 0000000..7412aad --- /dev/null +++ b/core/lib/Drupal/Core/EventSubscriber/ThemeNegotiatorRequestSubscriber.php @@ -0,0 +1,71 @@ +themeNegotiator = $theme_negotiator; + } + + /** + * Sets the request on the language manager. + * + * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event + * The Event to process. + */ + public function onKernelRequestThemeNegotiator(GetResponseEvent $event) { + if ($event->getRequestType() == HttpKernelInterface::MASTER_REQUEST) { + $this->themeNegotiator->setRequest($event->getRequest()); + // Let all modules take action before the menu system handles the request. + // We do not want this while running update.php. + if (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update') { + // @todo Refactor drupal_theme_initialize() into a request subscriber. + drupal_theme_initialize($event->getRequest()); + } + } + } + + /** + * Registers the methods in this class that should be listeners. + * + * @return array + * An array of event listener definitions. + */ + public static function getSubscribedEvents() { + $events[KernelEvents::REQUEST][] = array('onKernelRequestThemeNegotiator', 100); + + return $events; + } + +} diff --git a/core/modules/dblog/lib/Drupal/dblog/Tests/DbLogTest.php b/core/modules/dblog/lib/Drupal/dblog/Tests/DbLogTest.php index 24add00..0de0371 100644 --- a/core/modules/dblog/lib/Drupal/dblog/Tests/DbLogTest.php +++ b/core/modules/dblog/lib/Drupal/dblog/Tests/DbLogTest.php @@ -137,7 +137,7 @@ private function generateLogEntries($count, $type = 'custom', $severity = WATCHD 'user' => $this->big_user, 'uid' => $this->big_user->id(), 'request_uri' => $base_root . request_uri(), - 'referer' => $_SERVER['HTTP_REFERER'], + 'referer' => \Drupal::request()->server->get('HTTP_REFERER'), 'ip' => '127.0.0.1', 'timestamp' => REQUEST_TIME, ); @@ -420,7 +420,7 @@ protected function testDBLogAddAndClear() { 'user' => $this->big_user, 'uid' => $this->big_user->id(), 'request_uri' => $base_root . request_uri(), - 'referer' => $_SERVER['HTTP_REFERER'], + 'referer' => \Drupal::request()->server->get('HTTP_REFERER'), 'ip' => '127.0.0.1', 'timestamp' => REQUEST_TIME, ); diff --git a/core/modules/statistics/statistics.php b/core/modules/statistics/statistics.php index 59675f1..10d93e1 100644 --- a/core/modules/statistics/statistics.php +++ b/core/modules/statistics/statistics.php @@ -2,6 +2,14 @@ /** * @file + * Provides statistics update callback. + */ + +use Drupal\Core\DrupalKernel; +use Symfony\Component\HttpFoundation\Request; + +/** + * @file * Handles counts of node views via AJAX with minimal bootstrap. */ @@ -11,7 +19,7 @@ // Load the Drupal bootstrap. require_once dirname(dirname(__DIR__)) . '/vendor/autoload.php'; require_once dirname(dirname(__DIR__)) . '/includes/bootstrap.inc'; -drupal_bootstrap(DRUPAL_BOOTSTRAP_PAGE_CACHE); +$kernel = DrupalKernel::createFromRequest(Request::createFromGlobals()); if (\Drupal::config('statistics.settings')->get('count_content_views')) { $nid = filter_input(INPUT_POST, 'nid', FILTER_VALIDATE_INT); @@ -28,4 +36,3 @@ ->execute(); } } - diff --git a/core/modules/system/tests/http.php b/core/modules/system/tests/http.php index 662031f..c47aacf 100644 --- a/core/modules/system/tests/http.php +++ b/core/modules/system/tests/http.php @@ -1,23 +1,29 @@ server->get('HTTPS'); // Change to HTTP. -$_SERVER['HTTPS'] = NULL; +$request->server->remove('HTTPS'); ini_set('session.cookie_secure', FALSE); -foreach ($_SERVER as $key => $value) { - $_SERVER[$key] = str_replace('core/modules/system/tests/http.php', 'index.php', $value); - $_SERVER[$key] = str_replace('https://', 'http://', $_SERVER[$key]); +foreach ($request->server->all() as $key => $value) { + $request->server->set($key, str_replace('core/modules/system/tests/http.php', 'index.php', $value)); + $request->server->set($key, str_replace('https://', 'http://', $request->server->get($key))); } - -// Change current directory to the Drupal root. -chdir('../../../..'); -require_once dirname(dirname(dirname(__DIR__))) . '/vendor/autoload.php'; -require_once dirname(dirname(dirname(__DIR__))) . '/includes/bootstrap.inc'; -drupal_handle_request(TRUE); +$kernel->setTestOnly(TRUE); +$response = $kernel->handle($request)->prepare($request)->send(); +$kernel->terminate($request, $response); diff --git a/core/modules/system/tests/https.php b/core/modules/system/tests/https.php index 247e6e5..a1c52a6 100644 --- a/core/modules/system/tests/https.php +++ b/core/modules/system/tests/https.php @@ -1,4 +1,6 @@ server->get('HTTPS'); // Change to HTTPS. -$_SERVER['HTTPS'] = 'on'; -foreach ($_SERVER as $key => $value) { - $_SERVER[$key] = str_replace('core/modules/system/tests/https.php', 'index.php', $value); - $_SERVER[$key] = str_replace('http://', 'https://', $_SERVER[$key]); +$request->server->set('HTTPS', 'on'); +foreach ($request->server->all() as $key => $value) { + $request->server->set($key, str_replace('core/modules/system/tests/https.php', 'index.php', $value)); + $request->server->set($key, str_replace('http://', 'https://', $request->server->get($key))); } - +$kernel->setTestOnly(TRUE); // Change current directory to the Drupal root. -chdir('../../../..'); -require_once dirname(dirname(dirname(__DIR__))) . '/vendor/autoload.php'; -require_once dirname(dirname(dirname(__DIR__))) . '/includes/bootstrap.inc'; -drupal_handle_request(TRUE); +$response = $kernel->handle($request)->prepare($request)->send(); +$kernel->terminate($request, $response); diff --git a/core/scripts/run-tests.sh b/core/scripts/run-tests.sh index d48c638..6ab801c 100755 --- a/core/scripts/run-tests.sh +++ b/core/scripts/run-tests.sh @@ -5,9 +5,12 @@ */ require_once __DIR__ . '/../vendor/autoload.php'; +define('DRUPAL_ROOT', dirname(dirname(__DIR__))); use Drupal\Component\Utility\Timer; use Drupal\Core\StreamWrapper\PublicStream; +use Drupal\Core\DrupalKernel; +use Symfony\Component\HttpFoundation\Request; const SIMPLETEST_SCRIPT_COLOR_PASS = 32; // Green. const SIMPLETEST_SCRIPT_COLOR_FAIL = 31; // Red. @@ -33,7 +36,8 @@ } // Bootstrap to perform initial validation or other operations. -drupal_bootstrap(DRUPAL_BOOTSTRAP_CODE); +$request = Request::createFromGlobals(); +$kernel = DrupalKernel::bootCode($request); if (!\Drupal::moduleHandler()->moduleExists('simpletest')) { simpletest_script_print_error("The Testing (simpletest) module must be installed before this script can run."); @@ -41,7 +45,6 @@ } simpletest_classloader_register(); // We have to add a Request. -$request = \Symfony\Component\HttpFoundation\Request::createFromGlobals(); $container = \Drupal::getContainer(); $container->set('request', $request); @@ -489,10 +492,10 @@ function simpletest_script_run_one_test($test_id, $test_class) { try { // Bootstrap Drupal. - drupal_bootstrap(DRUPAL_BOOTSTRAP_CODE); + $request = Request::createFromGlobals(); + $kernel = DrupalKernel::bootCode($request); simpletest_classloader_register(); // We have to add a Request. - $request = \Symfony\Component\HttpFoundation\Request::createFromGlobals(); $container = \Drupal::getContainer(); $container->set('request', $request); diff --git a/core/update.php b/core/update.php index 6491afc..85a57f2 100644 --- a/core/update.php +++ b/core/update.php @@ -299,11 +299,9 @@ function update_task_list($active = NULL) { require_once __DIR__ . '/includes/unicode.inc'; require_once __DIR__ . '/includes/install.inc'; require_once __DIR__ . '/includes/schema.inc'; -// Bootstrap to configuration. -drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION); -// Bootstrap the database. -require_once __DIR__ . '/includes/database.inc'; +$request = Request::createFromGlobals(); +DrupalKernel::bootCode($request); // Updating from a site schema version prior to 8000 should block the update // process. Ensure that the site is not attempting to update a database @@ -329,7 +327,6 @@ function update_task_list($active = NULL) { new Settings($settings); $kernel = new DrupalKernel('update', drupal_classloader(), FALSE); $kernel->boot(); -$request = Request::createFromGlobals(); \Drupal::getContainer()->set('request', $request); // Determine if the current user has access to run update.php. diff --git a/index.php b/index.php index 2181fb3..07e5517 100644 --- a/index.php +++ b/index.php @@ -7,12 +7,18 @@ * All Drupal code is released under the GNU General Public License. * See COPYRIGHT.txt and LICENSE.txt files in the "core" directory. */ +use Drupal\Core\DrupalKernel; +use Symfony\Component\HttpFoundation\Request; require_once __DIR__ . '/core/vendor/autoload.php'; require_once __DIR__ . '/core/includes/bootstrap.inc'; +define('DRUPAL_ROOT', __DIR__); try { - drupal_handle_request(); + $request = Request::createFromGlobals(); + $kernel = DrupalKernel::createFromRequest($request); + $response = $kernel->handle($request)->prepare($request)->send(); + $kernel->terminate($request, $response); } catch (Exception $e) { $message = 'If you have just changed code (for example deployed a new module or moved an existing one) read http://drupal.org/documentation/rebuild'; diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php index 616f260..5a46b12 100644 --- a/sites/default/default.settings.php +++ b/sites/default/default.settings.php @@ -450,14 +450,6 @@ # $settings['mixed_mode_sessions'] = TRUE; /** - * Default mode for for directories and files written by Drupal. - * - * Value should be in PHP Octal Notation, with leading zero. - */ -# $settings['file_chmod_directory'] = 0775; -# $settings['file_chmod_file'] = 0664; - -/** * Public file path: * * A local file system path where public files will be stored. This directory