Clean constants handling (#19684)

cedric-anne · web-flow · commit 7e60ec2c8f84 · 2025-05-12T19:58:33.000+02:00
* Make the `GLPI_LOG_LVL` constant always defined

* Deprecate the GLPI_FORCE_MAIL constant

* Make SKIP_UPDATES always defined

* Make GLPI_SYSTEM_CRON always defined

* Replace GLPI_KEEP_CSRF_TOKEN by method params

* Add missing GLPI_USE_CSRF_CHECK to PHPStan config

* Use the `GLPI_` prefix for all constants

* Handle PLUGINS_DIRECTORIES deprecation
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -236,10 +236,12 @@ The present file will list all changes made to the project; according to the
 - `Software::merge()` method is now private.
 - The refusal of the collected emails corresponding to a GLPI notification will now be made based on a default rule.
 - The `$store_path` parameter has been removed from the `Dropdown::dropdownIcons()` method.
+- The `PLUGINS_DIRECTORIES` constant has been renamed to `GLPI_PLUGINS_DIRECTORIES`.
 
 #### Deprecated
 - Usage of the `/marketplace` path for plugins URLs. All plugins URLs should now start with `/plugins`.
 - Usage of `GLPI_PLUGINS_PATH` javascript variable.
+- Usage of the `GLPI_FORCE_MAIL` constant.
 - Usage of `MAIL_SMTPSSL` and `MAIL_SMTPTLS` constants.
 - Usage of `name` and `users_id_validate` parameter in `ajax/dropdownValidator.php`.
 - Usage of `users_id_validate` parameter in `front/commonitilvalidation.form.php`.
@@ -325,7 +327,7 @@ The present file will list all changes made to the project; according to the
 - `Toolbox::stripslashes_deep()`
 
 #### Removed
-- `GLPI_USE_CSRF_CHECK`, `GLPI_USE_IDOR_CHECK`, `GLPI_CSRF_EXPIRES`, `GLPI_CSRF_MAX_TOKENS` and `GLPI_IDOR_EXPIRES` constants.
+- `GLPI_USE_CSRF_CHECK`, `GLPI_USE_IDOR_CHECK`, `GLPI_KEEP_CSRF_TOKEN`, `GLPI_CSRF_EXPIRES`, `GLPI_CSRF_MAX_TOKENS` and `GLPI_IDOR_EXPIRES` constants.
 - `GLPI_DEMO_MODE` constant.
 - `GLPI_DUMP_DIR` constant.
 - `GLPI_SQL_DEBUG` constant.
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
@@ -48,19 +48,22 @@ parameters:
         - GLPI_NETWORK_SERVICES
         - GLPI_PICTURE_DIR
         - GLPI_PLUGIN_DOC_DIR
+        - GLPI_PLUGINS_DIRECTORIES
         - GLPI_RSS_DIR
         - GLPI_SERVERSIDE_URL_ALLOWLIST
         - GLPI_SESSION_DIR
+        - GLPI_SKIP_UPDATES
         - GLPI_STRICT_ENV
+        - GLPI_SYSTEM_CRON
         - GLPI_TELEMETRY_URI
         - GLPI_TEXT_MAXSIZE
         - GLPI_THEMES_DIR
         - GLPI_TMP_DIR
         - GLPI_UPLOAD_DIR
+        - GLPI_USE_CSRF_CHECK
         - GLPI_USER_AGENT_EXTRA_COMMENTS
         - GLPI_VAR_DIR
         - GLPI_WEBHOOK_ALLOW_RESPONSE_SAVING
-        - PLUGINS_DIRECTORIES
         - TU_USER
     ignoreErrors:
         - '~Instantiated class XHProfRuns_Default not found~'
diff --git a/src/CronTask.php b/src/CronTask.php
@@ -975,7 +975,7 @@ public static function register($itemtype, $name, $frequency, $options = [])
             }
         }
         if (
-            defined('GLPI_SYSTEM_CRON')
+            GLPI_SYSTEM_CRON
             && ($input['allowmode'] & self::MODE_EXTERNAL)
             && !isset($input['mode'])
         ) {
diff --git a/src/DbUtils.php b/src/DbUtils.php
@@ -367,7 +367,7 @@ public function getItemTypeForTable($table)
      *
      * @return string
      */
-    public function fixItemtypeCase(string $itemtype, $root_dir = GLPI_ROOT, array $plugins_dirs = PLUGINS_DIRECTORIES)
+    public function fixItemtypeCase(string $itemtype, $root_dir = GLPI_ROOT, array $plugins_dirs = GLPI_PLUGINS_DIRECTORIES)
     {
         /** @var \Psr\SimpleCache\CacheInterface $GLPI_CACHE */
         global $GLPI_CACHE;
diff --git a/src/Glpi/Application/Environment.php b/src/Glpi/Application/Environment.php
@@ -133,6 +133,7 @@ public function getConstantsOverride(string $root_dir): array
             self::TESTING     => [
                 'GLPI_CONFIG_DIR'               => $root_dir . '/tests/config',
                 'GLPI_VAR_DIR'                  => $root_dir . '/tests/files',
+                'GLPI_LOG_LVL'                  => LogLevel::DEBUG,
                 'GLPI_STRICT_ENV'               => true,
                 'GLPI_SERVERSIDE_URL_ALLOWLIST' => [
                     // default allowlist entries
@@ -143,30 +144,19 @@ public function getConstantsOverride(string $root_dir): array
                     // calendar mockups
                     '/^file:\/\/.*\.ics$/',
                 ],
-                'PLUGINS_DIRECTORIES'           => [
+                'GLPI_PLUGINS_DIRECTORIES'      => [
                     $root_dir . '/plugins',
                     $root_dir . '/tests/fixtures/plugins',
                 ],
             ],
             self::DEVELOPMENT => [
+                'GLPI_LOG_LVL'                       => LogLevel::DEBUG,
                 'GLPI_STRICT_ENV'                    => true,
                 'GLPI_WEBHOOK_ALLOW_RESPONSE_SAVING' => '1',
             ],
         };
     }
 
-    public function getLogLevel(): string
-    {
-        // Do not report debug, info, and notice messages unless in development/testing env.
-        // Notices are errors with no functional impact, so we do not want people to report them as issues.
-        // Suppressing the INFO level will prevent deprecations to be pushed in other environments logs.
-        return match ($this) {
-            default           => LogLevel::WARNING,
-            self::TESTING     => LogLevel::DEBUG,
-            self::DEVELOPMENT => LogLevel::DEBUG,
-        };
-    }
-
     /**
      * Will the files of this environment change ?
      * This may affect which cache we decide to set (twig, http cache on the
diff --git a/src/Glpi/Application/SystemConfigurator.php b/src/Glpi/Application/SystemConfigurator.php
@@ -39,6 +39,7 @@
 use Glpi\Log\ErrorLogHandler;
 use Monolog\Logger;
 use Psr\Log\LoggerInterface;
+use Psr\Log\LogLevel;
 
 final class SystemConfigurator
 {
@@ -50,6 +51,9 @@ public function __construct(private string $root_dir, private ?string $env)
         $this->setSessionConfiguration();
         $this->initLogger();
         $this->registerErrorHandler();
+
+        // Keep it after `registerErrorHandler()` call to be sure that messages are correctly handled.
+        $this->checkForObsoleteConstants();
     }
 
     public function getLogger(): LoggerInterface
@@ -99,7 +103,7 @@ private function computeConstants(): void
 
                 // Where to load plugins.
                 // Order in this array is important (priority to first found).
-                'PLUGINS_DIRECTORIES'  => [
+                'GLPI_PLUGINS_DIRECTORIES' => [
                     '{GLPI_MARKETPLACE_DIR}',
                     $this->root_dir . '/plugins',
                 ],
@@ -145,12 +149,15 @@ private function computeConstants(): void
 
                 // Constants dedicated to developers
                 'GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE' => '1', // '1' to disable ONLY_FULL_GROUP_BY 'sql_mode'
+                'GLPI_LOG_LVL'                             => LogLevel::WARNING,
+                'GLPI_SKIP_UPDATES'                        => false, // `true` to bypass minor versions DB updates
                 'GLPI_STRICT_ENV'                          => false, // `true` to make environment more strict (strict variables in twig templates, etc)
 
                 // Other constants
                 'GLPI_AJAX_DASHBOARD'         => '1', // 1 for "multi ajax mode" 0 for "single ajax mode" (see Glpi\Dashboard\Grid::getCards)
                 'GLPI_CALDAV_IMPORT_STATE'    => 0, // external events created from a caldav client will take this state by default (0 = Planning::INFO)
                 'GLPI_CENTRAL_WARNINGS'       => '1', // display (1), or not (0), warnings on GLPI Central page
+                'GLPI_SYSTEM_CRON'            => false, // `true` to use the system cron provided by the downstream package
                 'GLPI_TEXT_MAXSIZE'           => '4000', // character threshold for displaying read more button
                 'GLPI_WEBHOOK_ALLOW_RESPONSE_SAVING' => '0', // allow (1) or not (0) to save webhook response in database
             ],
@@ -179,6 +186,11 @@ private function computeConstants(): void
             include_once($this->root_dir . '/inc/downstream.php');
         }
 
+        // Handle deprecated/obsolete constants
+        if (defined('PLUGINS_DIRECTORIES') && !defined('GLPI_PLUGINS_DIRECTORIES')) {
+            define('GLPI_PLUGINS_DIRECTORIES', PLUGINS_DIRECTORIES);
+        }
+
         // Configure environment type if not defined by user.
         if (Environment::isSet()) {
             Environment::validate();
@@ -269,4 +281,21 @@ private function registerErrorHandler(): void
         $errorHandler = new ErrorHandler($this->logger);
         $errorHandler::register($errorHandler);
     }
+
+    private function checkForObsoleteConstants(): void
+    {
+        if (defined('GLPI_USE_CSRF_CHECK')) {
+            trigger_error(
+                'The `GLPI_USE_CSRF_CHECK` constant is now ignored for security reasons.',
+                E_USER_WARNING
+            );
+        }
+
+        if (defined('PLUGINS_DIRECTORIES')) {
+            trigger_error(
+                'The `PLUGINS_DIRECTORIES` constant is deprecated. Use the `GLPI_PLUGINS_DIRECTORIES` constant instead.',
+                E_USER_DEPRECATED
+            );
+        }
+    }
 }
diff --git a/src/Glpi/Console/Application.php b/src/Glpi/Console/Application.php
@@ -252,7 +252,7 @@ protected function doRunCommand(Command $command, InputInterface $input, OutputI
 
         if (
             $is_db_available
-            && defined('SKIP_UPDATES')
+            && GLPI_SKIP_UPDATES
             && (!($command instanceof GlpiCommandInterface) || $command->requiresUpToDateDb())
             && !Update::isDbUpToDate()
         ) {
diff --git a/src/Glpi/Console/CommandLoader.php b/src/Glpi/Console/CommandLoader.php
@@ -218,7 +218,7 @@ private function findPluginCommands()
         }
 
         $plugins_directories = new AppendIterator();
-        foreach (PLUGINS_DIRECTORIES as $directory) {
+        foreach (GLPI_PLUGINS_DIRECTORIES as $directory) {
             $directory = str_replace(GLPI_ROOT, $this->rootdir, $directory);
             $plugins_directories->append(new DirectoryIterator($directory));
         }
diff --git a/src/Glpi/Console/Plugin/InstallCommand.php b/src/Glpi/Console/Plugin/InstallCommand.php
@@ -185,7 +185,7 @@ protected function getDirectoryChoiceChoices()
 
         // Fetch directory list
         $directories = [];
-        foreach (PLUGINS_DIRECTORIES as $plugins_directory) {
+        foreach (GLPI_PLUGINS_DIRECTORIES as $plugins_directory) {
             $directory_handle  = opendir($plugins_directory);
             while (false !== ($filename = readdir($directory_handle))) {
                 if (
diff --git a/src/Glpi/Error/ErrorHandler.php b/src/Glpi/Error/ErrorHandler.php
@@ -236,8 +236,7 @@ private function configureErrorReporting(): void
         $reporting_level = E_ALL;
 
         // Compute max error level that should be reported
-        $env_psr_level = Environment::get()->getLogLevel();
-        $env_report_value = self::PSR_ERROR_LEVEL_VALUES[$env_psr_level];
+        $env_report_value = self::PSR_ERROR_LEVEL_VALUES[GLPI_LOG_LVL];
 
         foreach (self::ERROR_LEVEL_MAP as $value => $log_level) {
             $psr_level_value = self::PSR_ERROR_LEVEL_VALUES[$log_level];
diff --git a/src/Glpi/Http/Firewall.php b/src/Glpi/Http/Firewall.php
@@ -109,7 +109,7 @@ final class Firewall
     public function __construct(?string $root_dir = null, ?array $plugins_dirs = null)
     {
         $this->root_dir = $root_dir ?? GLPI_ROOT;
-        $this->plugins_dirs = $plugins_dirs ?? PLUGINS_DIRECTORIES;
+        $this->plugins_dirs = $plugins_dirs ?? GLPI_PLUGINS_DIRECTORIES;
     }
 
     /**
diff --git a/src/Glpi/Kernel/Listener/ControllerListener/CheckCsrfListener.php b/src/Glpi/Kernel/Listener/ControllerListener/CheckCsrfListener.php
@@ -76,12 +76,13 @@ public function onKernelController(ControllerEvent $event): void
         }
 
         if ($request->isXmlHttpRequest()) {
-            // Keep CSRF token as many AJAX requests may be made at the same time.
-            // This is due to the fact that read operations are often made using POST method (see #277).
-            define('GLPI_KEEP_CSRF_TOKEN', true);
-
             // For AJAX requests, check CSRF token located into "X-Glpi-Csrf-Token" header.
-            Session::checkCSRF(['_glpi_csrf_token' => $request->server->get('HTTP_X_GLPI_CSRF_TOKEN') ?? '']);
+            Session::checkCSRF(
+                ['_glpi_csrf_token' => $request->server->get('HTTP_X_GLPI_CSRF_TOKEN') ?? ''],
+                // Keep CSRF token as many AJAX requests may be made at the same time.
+                // This is due to the fact that read operations are often made using POST method (see #277).
+                preserve_token: true
+            );
         } else {
             Session::checkCSRF($request->request->all());
         }
diff --git a/src/Glpi/Kernel/Listener/PostBootListener/SessionStart.php b/src/Glpi/Kernel/Listener/PostBootListener/SessionStart.php
@@ -51,7 +51,7 @@ final class SessionStart implements EventSubscriberInterface
     public function __construct(
         #[Autowire('%kernel.project_dir%')]
         string $glpi_root,
-        array $plugin_directories = PLUGINS_DIRECTORIES,
+        array $plugin_directories = GLPI_PLUGINS_DIRECTORIES,
     ) {
         $this->glpi_root = $glpi_root;
         $this->plugin_directories = $plugin_directories;
diff --git a/src/Glpi/Kernel/Listener/RequestListener/FrontEndAssetsListener.php b/src/Glpi/Kernel/Listener/RequestListener/FrontEndAssetsListener.php
@@ -51,7 +51,7 @@ final class FrontEndAssetsListener implements EventSubscriberInterface
     public function __construct(
         #[Autowire('%kernel.project_dir%')]
         string $glpi_root,
-        array $plugin_directories = PLUGINS_DIRECTORIES,
+        array $plugin_directories = GLPI_PLUGINS_DIRECTORIES,
     ) {
         $this->glpi_root = $glpi_root;
         $this->plugin_directories = $plugin_directories;
diff --git a/src/Glpi/Kernel/Listener/RequestListener/LegacyRouterListener.php b/src/Glpi/Kernel/Listener/RequestListener/LegacyRouterListener.php
@@ -53,7 +53,7 @@ final class LegacyRouterListener implements EventSubscriberInterface
     public function __construct(
         #[Autowire('%kernel.project_dir%')]
         string $glpi_root,
-        array $plugin_directories = PLUGINS_DIRECTORIES,
+        array $plugin_directories = GLPI_PLUGINS_DIRECTORIES,
     ) {
         $this->glpi_root = $glpi_root;
         $this->plugin_directories = $plugin_directories;
diff --git a/src/Glpi/Log/AbstractLogHandler.php b/src/Glpi/Log/AbstractLogHandler.php
@@ -34,19 +34,12 @@
 
 namespace Glpi\Log;
 
-use Glpi\Application\Environment;
 use Monolog\Handler\StreamHandler;
 
 abstract class AbstractLogHandler extends StreamHandler
 {
     public function __construct(string $logfile)
     {
-        if (\defined('GLPI_LOG_LVL')) {
-            $log_level = GLPI_LOG_LVL;
-        } else {
-            $log_level = Environment::get()->getLogLevel();
-        }
-
-        parent::__construct($logfile, $log_level);
+        parent::__construct($logfile, GLPI_LOG_LVL);
     }
 }
diff --git a/src/Glpi/Marketplace/Controller.php b/src/Glpi/Marketplace/Controller.php
@@ -309,7 +309,7 @@ public function canBeOverwritten(): bool
 
         // Compute marketplace dir priority
         $marketplace_priority = null;
-        foreach (PLUGINS_DIRECTORIES as $position => $base_dir) {
+        foreach (GLPI_PLUGINS_DIRECTORIES as $position => $base_dir) {
             if (realpath($base_dir) !== false && realpath($base_dir) === realpath(GLPI_MARKETPLACE_DIR)) {
                 $marketplace_priority = -$position;
                 break;
@@ -318,7 +318,7 @@ public function canBeOverwritten(): bool
 
         $found_outside_marketplace = false;
         $found_dir_priority        = null;
-        foreach (PLUGINS_DIRECTORIES as $position => $base_dir) {
+        foreach (GLPI_PLUGINS_DIRECTORIES as $position => $base_dir) {
             if (file_exists($base_dir . '/' . $this->plugin_key . '/setup.php')) {
                 $found_outside_marketplace = true;
                 $found_dir_priority = -$position;
diff --git a/src/NotificationEventMailing.php b/src/NotificationEventMailing.php
@@ -399,6 +399,7 @@ public static function send(array $data)
 
                 $recipient = $current->getField('recipient');
                 if (defined('GLPI_FORCE_MAIL')) {
+                    Toolbox::deprecated('Usage of the `GLPI_FORCE_MAIL` constant is deprecated. Please use a mail catcher service instead.');
                     //force recipient to configured email address
                     $recipient = GLPI_FORCE_MAIL;
                     //add original email address to message body
diff --git a/src/NotificationMailing.php b/src/NotificationMailing.php
@@ -112,6 +112,7 @@ public static function testNotification(): array
         $text = __('This is a test email.') . "\n-- \n" . $CFG_GLPI["mailing_signature"];
         $recipient = $CFG_GLPI['admin_email'];
         if (defined('GLPI_FORCE_MAIL')) {
+            Toolbox::deprecated('Usage of the `GLPI_FORCE_MAIL` constant is deprecated. Please use a mail catcher service instead.');
             //force recipient to configured email address
             $recipient = GLPI_FORCE_MAIL;
             //add original email address to message body
diff --git a/src/Plugin.php b/src/Plugin.php
@@ -329,7 +329,7 @@ public function init(bool $load_plugins = false)
     public static function load($plugin_key, $withhook = false)
     {
         $loaded = false;
-        foreach (PLUGINS_DIRECTORIES as $base_dir) {
+        foreach (GLPI_PLUGINS_DIRECTORIES as $base_dir) {
             if (!is_dir($base_dir)) {
                 continue;
             }
@@ -445,7 +445,7 @@ public static function loadLang($plugin_key, $forcelang = '', $coretrytoload = '
 
         // New localisation system
         $mofile = false;
-        foreach (PLUGINS_DIRECTORIES as $base_dir) {
+        foreach (GLPI_PLUGINS_DIRECTORIES as $base_dir) {
             if (!is_dir($base_dir)) {
                 continue;
             }
@@ -564,7 +564,7 @@ private function getFilesystemPluginKeys(): array
             $this->filesystem_plugin_keys = [];
 
             $plugins_directories = new AppendIterator();
-            foreach (PLUGINS_DIRECTORIES as $base_dir) {
+            foreach (GLPI_PLUGINS_DIRECTORIES as $base_dir) {
                 if (!is_dir($base_dir)) {
                     continue;
                 }
@@ -1771,7 +1771,7 @@ private function loadPluginSetupFile(string $plugin_key): bool
             return false;
         }
 
-        foreach (PLUGINS_DIRECTORIES as $base_dir) {
+        foreach (GLPI_PLUGINS_DIRECTORIES as $base_dir) {
             if (!is_dir($base_dir)) {
                 continue;
             }
@@ -1844,7 +1844,7 @@ public static function getAddSearchOptions($itemtype)
      */
     public static function includeHook(string $plugin_key = "")
     {
-        foreach (PLUGINS_DIRECTORIES as $base_dir) {
+        foreach (GLPI_PLUGINS_DIRECTORIES as $base_dir) {
             if (file_exists("$base_dir/$plugin_key/hook.php")) {
                 include_once("$base_dir/$plugin_key/hook.php");
                 break;
@@ -2727,7 +2727,7 @@ public function getForbiddenStandardMassiveAction()
     public static function getPhpDir(string $plugin_key = "", $full = true)
     {
         $directory = false;
-        foreach (PLUGINS_DIRECTORIES as $plugins_directory) {
+        foreach (GLPI_PLUGINS_DIRECTORIES as $plugins_directory) {
             if (is_dir("$plugins_directory/$plugin_key")) {
                 $directory = "$plugins_directory/$plugin_key";
                 break;
diff --git a/src/Session.php b/src/Session.php
diff --git a/src/Toolbox.php b/src/Toolbox.php
diff --git a/src/Update.php b/src/Update.php
diff --git a/src/autoload/constants.php b/src/autoload/constants.php
diff --git a/src/autoload/legacy-autoloader.php b/src/autoload/legacy-autoloader.php
diff --git a/stubs/glpi_constants.php b/stubs/glpi_constants.php
diff --git a/templates/layout/parts/page_header.html.twig b/templates/layout/parts/page_header.html.twig
diff --git a/templates/layout/parts/page_header_empty.html.twig b/templates/layout/parts/page_header_empty.html.twig

Original file line number	Diff line number	Diff line change
`@@ -975,7 +975,7 @@ public static function register($itemtype, $name, $frequency, $options = [])`
`975`	`975`	`}`
`976`	`976`	`}`
`977`	`977`	`if (`
`978`		`- defined('GLPI_SYSTEM_CRON')`
	`978`	`+ GLPI_SYSTEM_CRON`
`979`	`979`	`&& ($input['allowmode'] & self::MODE_EXTERNAL)`
`980`	`980`	`&& !isset($input['mode'])`
`981`	`981`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -367,7 +367,7 @@ public function getItemTypeForTable($table)`
`367`	`367`	`*`
`368`	`368`	`* @return string`
`369`	`369`	`*/`
`370`		`- public function fixItemtypeCase(string $itemtype, $root_dir = GLPI_ROOT, array $plugins_dirs = PLUGINS_DIRECTORIES)`
	`370`	`+ public function fixItemtypeCase(string $itemtype, $root_dir = GLPI_ROOT, array $plugins_dirs = GLPI_PLUGINS_DIRECTORIES)`
`371`	`371`	`{`
`372`	`372`	`/** @var \Psr\SimpleCache\CacheInterface $GLPI_CACHE */`
`373`	`373`	`global $GLPI_CACHE;`
Original file line number	Diff line number	Diff line change
`@@ -218,7 +218,7 @@ private function findPluginCommands()`
`218`	`218`	`}`
`219`	`219`
`220`	`220`	`$plugins_directories = new AppendIterator();`
`221`		`- foreach (PLUGINS_DIRECTORIES as $directory) {`
	`221`	`+ foreach (GLPI_PLUGINS_DIRECTORIES as $directory) {`
`222`	`222`	`$directory = str_replace(GLPI_ROOT, $this->rootdir, $directory);`
`223`	`223`	`$plugins_directories->append(new DirectoryIterator($directory));`
`224`	`224`	`}`