Director

Complexity

Total Complexity

197

Size/Duplication

Total Lines	1190
Duplicated Lines	0 %

Coupling/Cohesion

Components	2
Dependencies	15

Importance

Changes	2
Bugs	1	Features	1

38 Methods

Rating	Name	Duplication	Size	Complexity
A	addRules()	0	5	1
D	direct()	0	93	21
F	test()	0	128	24
C	handleRequest()	0	52	12
A	setUrlParams()	0	3	1
A	get_current_page()	0	3	2
A	set_current_page()	0	3	1
C	absoluteURL()	0	42	12
C	protocolAndHost()	0	28	7
A	protocol()	0	3	2
C	is_https()	0	31	13
B	baseURL()	0	21	6
A	setBaseURL()	0	4	1
A	baseFolder()	0	4	2
A	setBaseFolder()	0	4	1
D	makeRelative()	0	45	10
A	is_absolute()	0	5	4
A	is_root_relative_url()	0	3	2
C	is_absolute_url()	0	25	7
A	is_relative_url()	0	3	1
A	is_site_url()	0	9	4
B	extract_request_headers()	0	17	5
A	getAbsFile()	0	3	2
A	fileExists()	0	5	1
A	absoluteBaseURL()	0	6	1
A	absoluteBaseURLWithAuth()	0	8	2
A	force_redirect()	0	10	1
C	forceSSL()	0	44	11
A	forceWWW()	0	8	4
A	is_ajax()	0	10	4
A	is_cli()	0	3	1
A	set_environment_type()	0	9	4
A	get_environment_type()	0	11	4
A	isLive()	0	3	2
B	isDev()	0	15	5
B	isTest()	0	18	6
C	session_environment()	0	24	9
A	get_template_global_variables()	0	9	1

<?php
/**
 * Director is responsible for processing URLs, and providing environment information.
 *
 * The most important part of director is {@link Director::direct()}, which is passed a URL and will
 * execute the appropriate controller.
 *
 * Director also has a number of static methods that provide information about the environment, such as
 * {@link Director::$environment_type}.
 *
 * @package framework
 *
 * @subpackage control
 *
 * @see Director::direct()
 * @see Director::$rules
 * @see Director::$environment_type
 */
class Director implements TemplateGlobalProvider {

	/**
	 * Specifies this url is relative to the base.
	 *
	 * @var string
	 */
	const BASE = 'BASE';

	/**
	 * Specifies this url is relative to the site root.
	 *
	 * @var string
	 */
	const ROOT = 'ROOT';

	/**
	 * specifies this url is relative to the current request.
	 *
	 * @var string
	 */
	const REQUEST = 'REQUEST';

	/**
	 * @var array
	 */
	static private $urlParams;

	/**
	 * @var array
	 */
	static private $rules = array();

	/**
	 * @var SiteTree
	 */
	private static $current_page;

	/**
	 * @config
	 *
	 * @var string
	 */
	private static $alternate_base_folder;

	/**
	 * @config
	 *
	 * @var array
	 */
	private static $dev_servers = array();

	/**
	 * @config
	 *
	 * @var array
	 */
	private static $test_servers = array();

	/**
	 * Setting this explicitly specifies the protocol ("http" or "https") used, overriding the normal
	 * behaviour of Director::is_https introspecting it from the request. False values imply default
	 * introspection.
	 *
	 * @config
	 *
	 * @var string
	 */
	private static $alternate_protocol;

	/**
	 * @config
	 *
	 * @var string
	 */
	private static $alternate_base_url;

	/**
	 * @config
	 *
	 * @var string
	 */
	private static $environment_type;

	/**
	 * Add URL matching rules to the Director. The director is responsible for turning URLs into
	 * Controller objects.
	 *
	 * Higher $priority values will get your rule checked first. We recommend priority 100 for your
	 * site's rules. The built-in rules are priority 10, standard modules are priority 50.
	 *
	 * @deprecated 4.0 Use the "Director.rules" config setting instead
	 *
	 * @param int $priority
	 * @param array $rules
	 */
	public static function addRules($priority, $rules) {

The parameter $priority is not used and could be removed.

		Deprecation::notice('4.0', 'Use the "Director.rules" config setting instead');

		Config::inst()->update('Director', 'rules', $rules);
	}

	/**
	 * Process the given URL, creating the appropriate controller and executing it.
	 *
	 * Request processing is handled as follows:
	 * - Director::direct() creates a new SS_HTTPResponse object and passes this to
	 *   Director::handleRequest().
	 * - Director::handleRequest($request) checks each of the Director rules and identifies a controller
	 *   to handle this request.
	 * - Controller::handleRequest($request) is then called.  This will find a rule to handle the URL,
	 *   and call the rule handling method.
	 * - RequestHandler::handleRequest($request) is recursively called whenever a rule handling method
	 *   returns a RequestHandler object.
	 *
	 * In addition to request processing, Director will manage the session, and perform the output of
	 * the actual response to the browser.
	 *
	 * @uses handleRequest() rule-lookup logic is handled by this.
	 * @uses Controller::run() Controller::run() handles the page logic for a Director::direct() call.
	 *
	 * @param string $url
	 * @param DataModel $model
	 *
	 * @throws SS_HTTPResponse_Exception
	 */
	public static function direct($url, DataModel $model) {

direct uses the super-global variable $_FILES which is generally not recommended.

direct uses the super-global variable $_SERVER which is generally not recommended.

direct uses the super-global variable $_GET which is generally not recommended.

direct uses the super-global variable $_POST which is generally not recommended.

direct uses the super-global variable $_SESSION which is generally not recommended.

		// Validate $_FILES array before merging it with $_POST
		foreach($_FILES as $k => $v) {
			if (is_array($v['tmp_name'])) {
				$v = ArrayLib::array_values_recursive($v['tmp_name']);
				foreach($v as $tmpFile) {
					if ($tmpFile && !is_uploaded_file($tmpFile)) {
						user_error("File upload '$k' doesn't appear to be a valid upload", E_USER_ERROR);
					}
				}
			} else {
				if ($v['tmp_name'] && !is_uploaded_file($v['tmp_name'])) {
					user_error("File upload '$k' doesn't appear to be a valid upload", E_USER_ERROR);
				}
			}
		}

		$req = new SS_HTTPRequest(
			(isset($_SERVER['X-HTTP-Method-Override']))
				? $_SERVER['X-HTTP-Method-Override']
				: $_SERVER['REQUEST_METHOD'],
			$url,
			$_GET,
			ArrayLib::array_merge_recursive((array) $_POST, (array) $_FILES),

It seems like \ArrayLib::array_merge_recursive((array) $_POST, (array) $_FILES) targeting ArrayLib::array_merge_recursive() can also be of type null; however, SS_HTTPRequest::__construct() does only seem to accept array, maybe add an additional type check?

			@file_get_contents('php://input')
		);

		$headers = self::extract_request_headers($_SERVER);
		foreach ($headers as $header => $value) {
			$req->addHeader($header, $value);
		}

		// Initiate an empty session - doesn't initialize an actual PHP session until saved (see below)
		$session = Injector::inst()->create('Session', isset($_SESSION) ? $_SESSION : array());

		// Only resume a session if its not started already, and a session identifier exists
		if (!isset($_SESSION) && Session::request_contains_session_id()) {
			$session->inst_start();
		}

		$output = Injector::inst()->get('RequestProcessor')->preRequest($req, $session, $model);

		if ($output === false) {
			// @TODO Need to NOT proceed with the request in an elegant manner
			throw new SS_HTTPResponse_Exception(_t('Director.INVALID_REQUEST', 'Invalid request'), 400);
		}

		$result = Director::handleRequest($req, $session, $model);

As per coding style, self should be used for accessing local static members.

		// Save session data. Note that inst_save() will start/resume the session if required.
		$session->inst_save();

		// Return code for a redirection request
		if (is_string($result) && substr($result, 0, 9) == 'redirect:') {
			$url = substr($result, 9);

			if (Director::is_cli()) {

As per coding style, self should be used for accessing local static members.

				// on cli, follow SilverStripe redirects automatically
				return Director::direct(

As per coding style, self should be used for accessing local static members.

					str_replace(Director::absoluteBaseURL(), '', $url),

As per coding style, self should be used for accessing local static members.

					DataModel::inst()
				);
			} else {
				$response = new SS_HTTPResponse();
				$response->redirect($url);
				$res = Injector::inst()->get('RequestProcessor')->postRequest($req, $response, $model);

				if ($res !== false) {
					$response->output();
				}
			}
		// Handle a controller
		} elseif ($result) {
			if ($result instanceof SS_HTTPResponse) {
				$response = $result;

			} else {
				$response = new SS_HTTPResponse();
				$response->setBody($result);
			}

			$res = Injector::inst()->get('RequestProcessor')->postRequest($req, $response, $model);
			if ($res !== false) {
					$response->output();
			} else {
				// @TODO Proper response here.
				throw new SS_HTTPResponse_Exception("Invalid response");
			}


			//$controllerObj->getSession()->inst_save();

80% of this comment could be valid code. Did you maybe forget this after debugging?

		}
	}

	/**
	 * Test a URL request, returning a response object. This method is the counterpart of
	 * Director::direct() that is used in functional testing. It will execute the URL given, and
	 * return the result as an SS_HTTPResponse object.
	 *
	 * @uses getControllerForURL() The rule-lookup logic is handled by this.
	 * @uses Controller::run() Handles the page logic for a Director::direct() call.
	 *
	 * @param string $url The URL to visit.
	 * @param array $postVars The $_POST & $_FILES variables.
	 * @param array|Session $session The {@link Session} object representing the current session.
	 * By passing the same object to multiple  calls of Director::test(), you can simulate a persisted
	 * session.
	 * @param string $httpMethod The HTTP method, such as GET or POST.  It will default to POST if
	 * postVars is set, GET otherwise. Overwritten by $postVars['_method'] if present.
	 * @param string $body The HTTP body.
	 * @param array $headers HTTP headers with key-value pairs.
	 * @param array|Cookie_Backend $cookies to populate $_COOKIE.
	 * @param HTTP_Request $request The {@see HTTP_Request} object generated as a part of this request.
	 *
	 * @return SS_HTTPResponse
	 *
	 * @throws SS_HTTPResponse_Exception
	 */
	public static function test($url, $postVars = null, $session = array(), $httpMethod = null, $body = null,

test uses the super-global variable $_REQUEST which is generally not recommended.

test uses the super-global variable $_GET which is generally not recommended.

test uses the super-global variable $_POST which is generally not recommended.

test uses the super-global variable $_SESSION which is generally not recommended.

test uses the super-global variable $_COOKIE which is generally not recommended.

test uses the super-global variable $_SERVER which is generally not recommended.

			$headers = array(), $cookies = array(), &$request = null) {

		Config::nest();
		Injector::nest();

		// These are needed so that calling Director::test() does not muck with whoever is calling it.
		// Really, it's some inappropriate coupling and should be resolved by making less use of statics.
		$oldStage = Versioned::get_stage();
		$getVars = array();

		if (!$httpMethod) $httpMethod = ($postVars || is_array($postVars)) ? "POST" : "GET";

The expression $httpMethod of type string|null is loosely compared to false; this is ambiguous if the string can be empty. You might want to explicitly use === null instead.

		if (!$session) $session = Injector::inst()->create('Session', array());
		$cookieJar = $cookies instanceof Cookie_Backend
			? $cookies
			: Injector::inst()->createWithArgs('Cookie_Backend', array($cookies ?: array()));

		// Back up the current values of the superglobals
		$existingRequestVars = isset($_REQUEST) ? $_REQUEST : array();
		$existingGetVars = isset($_GET) ? $_GET : array();
		$existingPostVars = isset($_POST) ? $_POST : array();
		$existingSessionVars = isset($_SESSION) ? $_SESSION : array();
		$existingCookies = isset($_COOKIE) ? $_COOKIE : array();
		$existingServer	= isset($_SERVER) ? $_SERVER : array();

		$existingRequirementsBackend = Requirements::backend();

		Config::inst()->update('Cookie', 'report_errors', false);
		Requirements::set_backend(Injector::inst()->create('Requirements_Backend'));

		// Set callback to invoke prior to return
		$onCleanup = function() use(
			$existingRequestVars, $existingGetVars, $existingPostVars, $existingSessionVars,
			$existingCookies, $existingServer, $existingRequirementsBackend, $oldStage
		) {
			// Restore the super globals
			$_REQUEST = $existingRequestVars;
			$_GET = $existingGetVars;
			$_POST = $existingPostVars;
			$_SESSION = $existingSessionVars;
			$_COOKIE = $existingCookies;
			$_SERVER = $existingServer;

			Requirements::set_backend($existingRequirementsBackend);

			// These are needed so that calling Director::test() does not muck with whoever is calling it.
			// Really, it's some inappropriate coupling and should be resolved by making less use of statics
			Versioned::set_stage($oldStage);

			Injector::unnest(); // Restore old CookieJar, etc
			Config::unnest();
		};

		if (strpos($url, '#') !== false) {
			$url = substr($url, 0, strpos($url, '#'));
		}

		// Handle absolute URLs
		if (parse_url($url, PHP_URL_HOST)) {
			$bits = parse_url($url);
			// If a port is mentioned in the absolute URL, be sure to add that into the HTTP host
			if (isset($bits['port'])) {
				$_SERVER['HTTP_HOST'] = $bits['host'].':'.$bits['port'];
			} else {
				$_SERVER['HTTP_HOST'] = $bits['host'];
			}
		}

		// Ensure URL is properly made relative.
		// Example: url passed is "/ss31/my-page" (prefixed with BASE_URL), this should be changed to "my-page"
		$url = self::makeRelative($url);

		$urlWithQuerystring = $url;
		if (strpos($url, '?') !== false) {
			list($url, $getVarsEncoded) = explode('?', $url, 2);
			parse_str($getVarsEncoded, $getVars);
		}

		// Replace the super globals with appropriate test values
		$_REQUEST = ArrayLib::array_merge_recursive((array) $getVars, (array) $postVars);
		$_GET = (array) $getVars;
		$_POST = (array) $postVars;
		$_SESSION = $session ? $session->inst_getAll() : array();
		$_COOKIE = $cookieJar->getAll(false);
		Injector::inst()->registerService($cookieJar, 'Cookie_Backend');
		$_SERVER['REQUEST_URI'] = Director::baseURL() . $urlWithQuerystring;

As per coding style, self should be used for accessing local static members.

		$request = new SS_HTTPRequest($httpMethod, $url, $getVars, $postVars, $body);

It seems like $getVars can also be of type null; however, SS_HTTPRequest::__construct() does only seem to accept array, maybe add an additional type check?

It seems like $postVars defined by parameter $postVars on line 263 can also be of type null; however, SS_HTTPRequest::__construct() does only seem to accept array, maybe add an additional type check?

		if ($headers) {

The expression $headers of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

			foreach($headers as $k => $v) {
				$request->addHeader($k, $v);
			}
		}

		// Pre-request filtering
		// @see issue #2517
		$model = DataModel::inst();
		$output = Injector::inst()->get('RequestProcessor')->preRequest($request, $session, $model);
		if ($output === false) {
			$onCleanup();
			throw new SS_HTTPResponse_Exception(_t('Director.INVALID_REQUEST', 'Invalid request'), 400);
		}

		// TODO: Pass in the DataModel
		$result = Director::handleRequest($request, $session, $model);

As per coding style, self should be used for accessing local static members.

		// Ensure that the result is an SS_HTTPResponse object
		if (is_string($result)) {
			if (substr($result, 0, 9) == 'redirect:') {
				$response = new SS_HTTPResponse();
				$response->redirect(substr($result, 9));
				$result = $response;
			} else {
				$result = new SS_HTTPResponse($result);
			}
		}

		$output = Injector::inst()->get('RequestProcessor')->postRequest($request, $result, $model);
		if ($output === false) {
			$onCleanup();
			throw new SS_HTTPResponse_Exception("Invalid response");
		}

		// Return valid response
		$onCleanup();
		return $result;
	}

	/**
	 * Handle an HTTP request, defined with a SS_HTTPRequest object.
	 *
	 * @param SS_HTTPRequest $request
	 * @param Session $session
	 * @param DataModel $model
	 *
	 * @return SS_HTTPResponse|string
	 */
	protected static function handleRequest(SS_HTTPRequest $request, Session $session, DataModel $model) {

handleRequest uses the super-global variable $_REQUEST which is generally not recommended.

		$rules = Config::inst()->get('Director', 'rules');

		if (isset($_REQUEST['debug'])) Debug::show($rules);

		foreach($rules as $pattern => $controllerOptions) {

The expression $rules of type array|integer|double|string|boolean is not guaranteed to be traversable. How about adding an additional type check?

			if (is_string($controllerOptions)) {
				if (substr($controllerOptions, 0, 2) == '->') {
					$controllerOptions = array('Redirect' => substr($controllerOptions, 2));
				} else {
					$controllerOptions = array('Controller' => $controllerOptions);
				}
			}

			if (($arguments = $request->match($pattern, true)) !== false) {
				$request->setRouteParams($controllerOptions);
				// controllerOptions provide some default arguments
				$arguments = array_merge($controllerOptions, $arguments);

				// Find the controller name
				if (isset($arguments['Controller'])) $controller = $arguments['Controller'];

				// Pop additional tokens from the tokenizer if necessary
				if (isset($controllerOptions['_PopTokeniser'])) {
					$request->shift($controllerOptions['_PopTokeniser']);
				}

				// Handle redirection
				if (isset($arguments['Redirect'])) {
					return "redirect:" . Director::absoluteURL($arguments['Redirect'], true);

As per coding style, self should be used for accessing local static members.

				} else {
					Director::$urlParams = $arguments;

As per coding style, self should be used for accessing local static members.

					$controllerObj = Injector::inst()->create($controller);

The variable $controller does not seem to be defined for all execution paths leading up to this point.

					$controllerObj->setSession($session);

					try {
						$result = $controllerObj->handleRequest($request, $model);
					} catch(SS_HTTPResponse_Exception $responseException) {
						$result = $responseException->getResponse();
					}
					if (!is_object($result) || $result instanceof SS_HTTPResponse) return $result;

					user_error("Bad result from url " . $request->getURL() . " handled by " .
						get_class($controllerObj)." controller: ".get_class($result), E_USER_WARNING);
				}
			}
		}

		// No URL rules matched, so return a 404 error.
		return new SS_HTTPResponse('No URL rule was matched', 404);
	}

	/**
	 * Set url parameters (should only be called internally by RequestHandler->handleRequest()).
	 *
	 * @param array $params
	 */
	public static function setUrlParams($params) {
		Director::$urlParams = $params;

As per coding style, self should be used for accessing local static members.

	}

	/**
	 * Return the {@link SiteTree} object that is currently being viewed. If there is no SiteTree
	 * object to return, then this will return the current controller.
	 *
	 * @return SiteTree
	 */
	public static function get_current_page() {
		return self::$current_page ? self::$current_page : Controller::curr();
	}

	/**
	 * Set the currently active {@link SiteTree} object that is being used to respond to the request.
	 *
	 * @param SiteTree $page
	 */
	public static function set_current_page($page) {
		self::$current_page = $page;
	}

	/**
	 * Turns the given URL into an absolute URL. By default non-site root relative urls will be
	 * evaluated relative to the current base_url.
	 *
	 * @param string $url URL To transform to absolute.
	 * @param string $relativeParent Method to use for evaluating relative urls.
	 * Either one of BASE (baseurl), ROOT (site root), or REQUEST (requested page).
	 * Defaults to BASE, which is the same behaviour as template url resolution.
	 * Ignored if the url is absolute or site root.
	 *
	 * @return string
	 */
	public static function absoluteURL($url, $relativeParent = self::BASE) {

absoluteURL uses the super-global variable $_SERVER which is generally not recommended.

		if (is_bool($relativeParent)) {
			// Deprecate old boolean second parameter
			Deprecation::notice('5.0', 'Director::absoluteURL takes an explicit parent for relative url');
			$relativeParent = $relativeParent ? self::BASE : self::REQUEST;
		}

		// Check if there is already a protocol given
		if (preg_match('/^http(s?):\/\//', $url)) {
			return $url;
		}

		// Absolute urls without protocol are added
		// E.g. //google.com -> http://google.com
		if (strpos($url, '//') === 0) {
			return self::protocol() . substr($url, 2);
		}

		// Determine method for mapping the parent to this relative url
		if ($relativeParent === self::ROOT || self::is_root_relative_url($url)) {
			// Root relative urls always should be evaluated relative to the root
			$parent = self::protocolAndHost();

		} elseif ($relativeParent === self::REQUEST) {
			// Request relative urls rely on the REQUEST_URI param (old default behaviour)
			if (!isset($_SERVER['REQUEST_URI'])) {
				return false;
			}
			$parent = dirname($_SERVER['REQUEST_URI'] . 'x');

		} else {
			// Default to respecting site base_url
			$parent = self::absoluteBaseURL();
		}

		// Map empty urls to relative slash and join to base
		if (empty($url) || $url === '.' || $url === './') {
			$url = '/';
		}
		return Controller::join_links($parent, $url);

	}

	/**
	 * Returns the domain part of the URL 'http://www.mysite.com'. Returns FALSE is this environment
	 * variable isn't set.
	 *
	 * @return bool|string
	 */
	public static function protocolAndHost() {

protocolAndHost uses the super-global variable $_SERVER which is generally not recommended.

		$alternate = Config::inst()->get('Director', 'alternate_base_url');
		if ($alternate) {
			if (preg_match('/^(http[^:]*:\/\/[^\/]+)(\/|$)/', $alternate, $matches)) {
				return $matches[1];
			}
		}

		if (isset($_SERVER['HTTP_HOST'])) {
			return Director::protocol() . $_SERVER['HTTP_HOST'];

As per coding style, self should be used for accessing local static members.

		} else {
			global $_FILE_TO_URL_MAPPING;

Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

			if (Director::is_cli() && isset($_FILE_TO_URL_MAPPING)) {

As per coding style, self should be used for accessing local static members.

				$errorSuggestion = '  You probably want to define ' .
				'an entry in $_FILE_TO_URL_MAPPING that covers "' . Director::baseFolder() . '"';

As per coding style, self should be used for accessing local static members.

			} elseif (Director::is_cli()) {

As per coding style, self should be used for accessing local static members.

				$errorSuggestion = '  You probably want to define $_FILE_TO_URL_MAPPING in ' .
				'your _ss_environment.php as instructed on the "sake" page of the doc.silverstripe.com wiki';
			} else {
				$errorSuggestion = "";
			}

			user_error("Director::protocolAndHost() lacks sufficient information - HTTP_HOST not set."
				. $errorSuggestion, E_USER_WARNING);
			return false;

		}
	}

	/**
	 * Return the current protocol that the site is running under.
	 *
	 * @return string
	 */
	public static function protocol() {
		return (self::is_https()) ? 'https://' : 'http://';
	}

	/**
	 * Return whether the site is running as under HTTPS.
	 *
	 * @return bool
	 */
	public static function is_https() {

is_https uses the super-global variable $_SERVER which is generally not recommended.

		// See https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
		// See https://support.microsoft.com/en-us/kb/307347
		$headerOverride = false;
		if (TRUSTED_PROXY) {
			$headers = (defined('SS_TRUSTED_PROXY_PROTOCOL_HEADER')) ? array(SS_TRUSTED_PROXY_PROTOCOL_HEADER) : null;
			if (!$headers) {
				// Backwards compatible defaults
				$headers = array('HTTP_X_FORWARDED_PROTO', 'HTTP_X_FORWARDED_PROTOCOL', 'HTTP_FRONT_END_HTTPS');
			}
			foreach($headers as $header) {
				$headerCompareVal = ($header === 'HTTP_FRONT_END_HTTPS' ? 'on' : 'https');
				if (!empty($_SERVER[$header]) && strtolower($_SERVER[$header]) == $headerCompareVal) {
					$headerOverride = true;
					break;
				}
			}
		}

		if ($protocol = Config::inst()->get('Director', 'alternate_protocol')) {
			return ($protocol == 'https');
		} elseif ($headerOverride) {
			return true;
		} elseif ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) {
			return true;
		} elseif (isset($_SERVER['SSL'])) {
			return true;
		} else {
			return false;
		}
	}

	/**
	 * Returns the root URL for the site. It will be automatically calculated unless it is overridden
	 * with {@link setBaseURL()}.
	 *
	 * @return string
	 */
	public static function baseURL() {
		$alternate = Config::inst()->get('Director', 'alternate_base_url');

		if ($alternate) {
			return $alternate;
		} else {
			$base = BASE_URL;

			if ($base == '/' || $base == '/.' || $base == '\\') {
				$baseURL = '/';
			} else {
				$baseURL = $base . '/';
			}

			if (defined('BASE_SCRIPT_URL')) {
				return $baseURL . BASE_SCRIPT_URL;
			}

			return $baseURL;
		}
	}

	/**
	 * Sets the root URL for the website. If the site isn't accessible from the URL you provide,
	 * weird things will happen.
	 *
	 * @deprecated 4.0 Use the "Director.alternate_base_url" config setting instead.
	 *
	 * @param string $baseURL
	 */
	public static function setBaseURL($baseURL) {
		Deprecation::notice('4.0', 'Use the "Director.alternate_base_url" config setting instead');
		Config::inst()->update('Director', 'alternate_base_url', $baseURL);
	}

	/**
	 * Returns the root filesystem folder for the site. It will be automatically calculated unless
	 * it is overridden with {@link setBaseFolder()}.
	 *
	 * @return string
	 */
	public static function baseFolder() {
		$alternate = Config::inst()->get('Director', 'alternate_base_folder');
		return ($alternate) ? $alternate : BASE_PATH;
	}

	/**
	 * Sets the root folder for the website. If the site isn't accessible from the folder you provide,
	 * weird things will happen.
	 *
	 * @deprecated 4.0 Use the "Director.alternate_base_folder" config setting instead.
	 *
	 * @param string $baseFolder
	 */
	public static function setBaseFolder($baseFolder) {
		Deprecation::notice('4.0', 'Use the "Director.alternate_base_folder" config setting instead');
		Config::inst()->update('Director', 'alternate_base_folder', $baseFolder);
	}

	/**
	 * Turns an absolute URL or folder into one that's relative to the root of the site. This is useful
	 * when turning a URL into a filesystem reference, or vice versa.
	 *
	 * @param string $url Accepts both a URL or a filesystem path.
	 *
	 * @return string
	 */
	public static function makeRelative($url) {
		// Allow for the accidental inclusion whitespace and // in the URL
		$url = trim(preg_replace('#([^:])//#', '\\1/', $url));

		$base1 = self::absoluteBaseURL();
		$baseDomain = substr($base1, strlen(self::protocol()));

		// Only bother comparing the URL to the absolute version if $url looks like a URL.
		if (preg_match('/^https?[^:]*:\/\//', $url, $matches)) {
			$urlProtocol = $matches[0];
			$urlWithoutProtocol = substr($url, strlen($urlProtocol));

			// If we are already looking at baseURL, return '' (substr will return false)
			if ($url == $base1) {
				return '';
			} elseif (substr($url, 0, strlen($base1)) == $base1) {
				return substr($url, strlen($base1));
			} elseif (substr($base1, -1) == "/" && $url == substr($base1, 0, -1)) {
				// Convert http://www.mydomain.com/mysitedir to ''
				return "";
			}

			if (substr($urlWithoutProtocol, 0, strlen($baseDomain)) == $baseDomain) {
				return substr($urlWithoutProtocol, strlen($baseDomain));
			}
		}

		// test for base folder, e.g. /var/www
		$base2 = self::baseFolder();
		if (substr($url, 0, strlen($base2)) == $base2) return substr($url, strlen($base2));

		// Test for relative base url, e.g. mywebsite/ if the full URL is http://localhost/mywebsite/
		$base3 = self::baseURL();
		if (substr($url, 0, strlen($base3)) == $base3) {
			return substr($url, strlen($base3));
		}

		// Test for relative base url, e.g mywebsite/ if the full url is localhost/myswebsite
		if (substr($url, 0, strlen($baseDomain)) == $baseDomain) {
			return substr($url, strlen($baseDomain));
		}

		// Nothing matched, fall back to returning the original URL
		return $url;
	}

	/**
	 * Returns true if a given path is absolute. Works under both *nix and windows systems.
	 *
	 * @param string $path
	 *
	 * @return bool
	 */
	public static function is_absolute($path) {
		if (empty($path)) return false;
		if ($path[0] == '/' || $path[0] == '\\') return true;
		return preg_match('/^[a-zA-Z]:[\\\\\/]/', $path) == 1;
	}

	/**
	 * Determine if the url is root relative (i.e. starts with /, but not with //) SilverStripe
	 * considers root relative urls as a subset of relative urls.
	 *
	 * @param string $url
	 *
	 * @return bool
	 */
	public static function is_root_relative_url($url) {
		return strpos($url, '/') === 0 && strpos($url, '//') !== 0;
	}

	/**
	 * Checks if a given URL is absolute (e.g. starts with 'http://' etc.). URLs beginning with "//"
	 * are treated as absolute, as browsers take this to mean the same protocol as currently being used.
	 *
	 * Useful to check before redirecting based on a URL from user submissions through $_GET or $_POST,
	 * and avoid phishing attacks by redirecting to an attackers server.
	 *
	 * Note: Can't solely rely on PHP's parse_url() , since it is not intended to work with relative URLs
	 * or for security purposes. filter_var($url, FILTER_VALIDATE_URL) has similar problems.
	 *
	 * @param string $url
	 *
	 * @return bool
	 */
	public static function is_absolute_url($url) {
		// Strip off the query and fragment parts of the URL before checking
		if (($queryPosition = strpos($url, '?')) !== false) {
			$url = substr($url, 0, $queryPosition-1);
		}
		if (($hashPosition = strpos($url, '#')) !== false) {
			$url = substr($url, 0, $hashPosition-1);
		}
		$colonPosition = strpos($url, ':');
		$slashPosition = strpos($url, '/');
		return (
			// Base check for existence of a host on a compliant URL
			parse_url($url, PHP_URL_HOST)
			// Check for more than one leading slash without a protocol.
			// While not a RFC compliant absolute URL, it is completed to a valid URL by some browsers,
			// and hence a potential security risk. Single leading slashes are not an issue though.
			|| preg_match('%^\s*/{2,}%', $url)
			|| (
				// If a colon is found, check if it's part of a valid scheme definition
				// (meaning its not preceded by a slash).
				$colonPosition !== FALSE
				&& ($slashPosition === FALSE || $colonPosition < $slashPosition)
			)
		);
	}

	/**
	 * Checks if a given URL is relative (or root relative) by checking {@link is_absolute_url()}.
	 *
	 * @param string $url
	 *
	 * @return bool
	 */
	public static function is_relative_url($url) {
		return !static::is_absolute_url($url);
	}

	/**
	 * Checks if the given URL is belonging to this "site" (not an external link). That's the case if
	 * the URL is relative, as defined by {@link is_relative_url()}, or if the host matches
	 * {@link protocolAndHost()}.
	 *
	 * Useful to check before redirecting based on a URL from user submissions through $_GET or $_POST,
	 * and avoid phishing attacks by redirecting to an attackers server.
	 *
	 * @param string $url
	 *
	 * @return bool
	 */
	public static function is_site_url($url) {
		$urlHost = parse_url($url, PHP_URL_HOST);
		$actualHost = parse_url(self::protocolAndHost(), PHP_URL_HOST);
		if ($urlHost && $actualHost && $urlHost == $actualHost) {

The expression $urlHost of type string|false is loosely compared to true; this is ambiguous if the string can be empty. You might want to explicitly use !== false instead.

The expression $actualHost of type string|false is loosely compared to true; this is ambiguous if the string can be empty. You might want to explicitly use !== false instead.

			return true;
		} else {
			return self::is_relative_url($url);
		}
	}

	/**
	 * Takes a $_SERVER data array and extracts HTTP request headers.
	 *
	 * @param array $server
	 *
	 * @return array
	 */
	public static function extract_request_headers(array $server) {
		$headers = array();

		foreach($server as $key => $value) {
			if (substr($key, 0, 5) == 'HTTP_') {
				$key = substr($key, 5);
				$key = strtolower(str_replace('_', ' ', $key));
				$key = str_replace(' ', '-', ucwords($key));
				$headers[$key] = $value;
			}
		}

		if (isset($server['CONTENT_TYPE'])) $headers['Content-Type'] = $server['CONTENT_TYPE'];
		if (isset($server['CONTENT_LENGTH'])) $headers['Content-Length'] = $server['CONTENT_LENGTH'];

		return $headers;
	}

	/**
	 * Given a filesystem reference relative to the site root, return the full file-system path.
	 *
	 * @param string $file
	 *
	 * @return string
	 */
	public static function getAbsFile($file) {
		return self::is_absolute($file) ? $file : Director::baseFolder() . '/' . $file;

As per coding style, self should be used for accessing local static members.

	}

	/**
	 * Returns true if the given file exists. Filename should be relative to the site root.
	 *
	 * @param $file
	 *
	 * @return bool
	 */
	public static function fileExists($file) {
		// replace any appended query-strings, e.g. /path/to/foo.php?bar=1 to /path/to/foo.php
		$file = preg_replace('/([^\?]*)?.*/', '$1', $file);
		return file_exists(Director::getAbsFile($file));

As per coding style, self should be used for accessing local static members.

	}

	/**
	 * Returns the Absolute URL of the site root.
	 *
	 * @return string
	 */
	public static function absoluteBaseURL() {
		return self::absoluteURL(
			self::baseURL(),
			self::ROOT
		);
	}

	/**
	 * Returns the Absolute URL of the site root, embedding the current basic-auth credentials into
	 * the URL.
	 *
	 * @return string
	 */
	public static function absoluteBaseURLWithAuth() {

absoluteBaseURLWithAuth uses the super-global variable $_SERVER which is generally not recommended.

		$s = "";
		$login = "";

		if (isset($_SERVER['PHP_AUTH_USER'])) $login = "$_SERVER[PHP_AUTH_USER]:$_SERVER[PHP_AUTH_PW]@";

		return Director::protocol() . $login .  $_SERVER['HTTP_HOST'] . Director::baseURL();

As per coding style, self should be used for accessing local static members.

	}

	/**
	 * Skip any further processing and immediately respond with a redirect to the passed URL.
	 *
	 * @param string $destURL
	 */
	protected static function force_redirect($destURL) {
		$response = new SS_HTTPResponse();
		$response->redirect($destURL, 301);

		HTTP::add_cache_headers($response);

		// TODO: Use an exception - ATM we can be called from _config.php, before Director#handleRequest's try block
		$response->output();
		die;

The method force_redirect() contains an exit expression.

	}

	/**
	 * Force the site to run on SSL.
	 *
	 * To use, call from _config.php. For example:
	 * <code>
	 * if (Director::isLive()) Director::forceSSL();
	 * </code>
	 *
	 * If you don't want your entire site to be on SSL, you can pass an array of PCRE regular expression
	 * patterns for matching relative URLs. For example:
	 * <code>
	 * if (Director::isLive()) Director::forceSSL(array('/^admin/', '/^Security/'));
	 * </code>
	 *
	 * If you want certain parts of your site protected under a different domain, you can specify
	 * the domain as an argument:
	 * <code>
	 * if (Director::isLive()) Director::forceSSL(array('/^admin/', '/^Security/'), 'secure.mysite.com');
	 * </code>
	 *
	 * Note that the session data will be lost when moving from HTTP to HTTPS. It is your responsibility
	 * to ensure that this won't cause usability problems.
	 *
	 * CAUTION: This does not respect the site environment mode. You should check this
	 * as per the above examples using Director::isLive() or Director::isTest() for example.
	 *
	 * @param array $patterns Array of regex patterns to match URLs that should be HTTPS.
	 * @param string $secureDomain Secure domain to redirect to. Defaults to the current domain.
	 *
	 * @return bool|string String of URL when unit tests running, boolean FALSE if patterns don't match request URI.
	 */
	public static function forceSSL($patterns = null, $secureDomain = null) {

forceSSL uses the super-global variable $_SERVER which is generally not recommended.

		if (!isset($_SERVER['REQUEST_URI'])) return false;

		$matched = false;

		if ($patterns) {
			// Calling from the command-line?
			if (!isset($_SERVER['REQUEST_URI'])) return;

			$relativeURL = self::makeRelative(Director::absoluteURL($_SERVER['REQUEST_URI']));

It seems like \Director::absoluteURL($_SERVER['REQUEST_URI']) targeting Director::absoluteURL() can also be of type false; however, Director::makeRelative() does only seem to accept string, did you maybe forget to handle an error condition?

As per coding style, self should be used for accessing local static members.

			// protect portions of the site based on the pattern
			foreach($patterns as $pattern) {
				if (preg_match($pattern, $relativeURL)) {
					$matched = true;
					break;
				}
			}
		} else {
			// protect the entire site
			$matched = true;
		}

		if ($matched && !self::is_https()) {

			// if an domain is specified, redirect to that instead of the current domain
			if ($secureDomain) {

The expression $secureDomain of type string|null is loosely compared to true; this is ambiguous if the string can be empty. You might want to explicitly use !== null instead.

				$url = 'https://' . $secureDomain . $_SERVER['REQUEST_URI'];
			} else {
				$url = $_SERVER['REQUEST_URI'];
			}

			$destURL = str_replace('http:', 'https:', Director::absoluteURL($url));

As per coding style, self should be used for accessing local static members.

			// This coupling to SapphireTest is necessary to test the destination URL and to not interfere with tests
			if (class_exists('SapphireTest', false) && SapphireTest::is_running_test()) {
				return $destURL;
			} else {
				self::force_redirect($destURL);
			}
		} else {
			return false;
		}
	}

	/**
	 * Force a redirect to a domain starting with "www."
	 */
	public static function forceWWW() {

forceWWW uses the super-global variable $_SERVER which is generally not recommended.

		if (!Director::isDev() && !Director::isTest() && strpos($_SERVER['HTTP_HOST'], 'www') !== 0) {

As per coding style, self should be used for accessing local static members.

			$destURL = str_replace(Director::protocol(), Director::protocol() . 'www.',

As per coding style, self should be used for accessing local static members.

				Director::absoluteURL($_SERVER['REQUEST_URI']));

As per coding style, self should be used for accessing local static members.

			self::force_redirect($destURL);
		}
	}

	/**
	 * Checks if the current HTTP-Request is an "Ajax-Request" by checking for a custom header set by
	 * jQuery or whether a manually set request-parameter 'ajax' is present.
	 *
	 * @return bool
	 */
	public static function is_ajax() {

is_ajax uses the super-global variable $_REQUEST which is generally not recommended.

is_ajax uses the super-global variable $_SERVER which is generally not recommended.

		if (Controller::has_curr()) {
			return Controller::curr()->getRequest()->isAjax();
		} else {
			return (
				isset($_REQUEST['ajax']) ||
				(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == "XMLHttpRequest")
			);
		}
	}

	/**
	 * Returns true if this script is being run from the command line rather than the web server.
	 *
	 * @return bool
	 */
	public static function is_cli() {
		return (php_sapi_name() == "cli");
	}

	/**
	 * Set the environment type of the current site.
	 *
	 * Typically, a SilverStripe site have a number of environments:
	 *  - Development environments, such a copy on your local machine.
	 *  - Test sites, such as the one you show the client before going live.
	 *  - The live site itself.
	 *
	 * The behaviour of these environments often varies slightly.  For example, development sites may
	 * have errors dumped to the screen, and order confirmation emails might be sent to the developer
	 * instead of the client.
	 *
	 * To help with this, SilverStripe supports the notion of an environment type.  The environment
	 * type can be dev, test, or live.
	 *
	 * You can set it explicitly with {@link Director::set_environment_type()}. Or you can use
	 * {@link Director::$dev_servers} and {@link Director::$test_servers} to set it implicitly, based
	 * on the value of $_SERVER['HTTP_HOST'].  If the HTTP_HOST value is one of the servers listed,
	 * then the environment type will be test or dev.  Otherwise, the environment type will be live.
	 *
	 * Dev mode can also be forced by putting ?isDev=1 in your URL, which will ask you to log in and
	 * then push the site into dev mode for the remainder of the session. Putting ?isDev=0 onto the URL
	 * can turn it back.
	 *
	 * Test mode can also be forced by putting ?isTest=1 in your URL, which will ask you to log in and
	 * then push the site into test mode for the remainder of the session. Putting ?isTest=0 onto the URL
	 * can turn it back.
	 *
	 * Generally speaking, these methods will be called from your _config.php file.
	 *
	 * Once the environment type is set, it can be checked with {@link Director::isDev()},
	 * {@link Director::isTest()}, and {@link Director::isLive()}.
	 *
	 * @deprecated 4.0 Use the "Director.environment_type" config setting instead
	 *
	 * @param $et string
	 */
	public static function set_environment_type($et) {
		if ($et != 'dev' && $et != 'test' && $et != 'live') {
			user_error("Director::set_environment_type passed '$et'.  It should be passed dev, test, or live",
				E_USER_WARNING);
		} else {
			Deprecation::notice('4.0', 'Use the "Director.environment_type" config setting instead');
			Config::inst()->update('Director', 'environment_type', $et);
		}
	}

	/**
	 * Can also be checked with {@link Director::isDev()}, {@link Director::isTest()}, and
	 * {@link Director::isLive()}.
	 *
	 * @return bool|string
	 */
	public static function get_environment_type() {
		if (Director::isLive()) {

As per coding style, self should be used for accessing local static members.

			return 'live';
		} elseif (Director::isTest()) {

As per coding style, self should be used for accessing local static members.

			return 'test';
		} elseif (Director::isDev()) {

As per coding style, self should be used for accessing local static members.

			return 'dev';
		} else {
			return false;
		}
	}

	/**
	 * This function will return true if the site is in a live environment. For information about
	 * environment types, see {@link Director::set_environment_type()}.
	 *
	 * @return bool
	 */
	public static function isLive() {
		return !(Director::isDev() || Director::isTest());

As per coding style, self should be used for accessing local static members.

	}

	/**
	 * This function will return true if the site is in a development environment. For information about
	 * environment types, see {@link Director::set_environment_type()}.
	 *
	 * @return bool
	 */
	public static function isDev() {

isDev uses the super-global variable $_SERVER which is generally not recommended.

		// Check session
		if ($env = self::session_environment()) return $env === 'dev';

		// Check config
		if (Config::inst()->get('Director', 'environment_type') === 'dev') return true;

		// Check if we are running on one of the test servers
		$devServers = (array)Config::inst()->get('Director', 'dev_servers');
		if (isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $devServers))  {
			return true;
		}

		return false;
	}

	/**
	 * This function will return true if the site is in a test environment. For information about
	 * environment types, see {@link Director::set_environment_type()}.
	 *
	 * @return bool
	 */
	public static function isTest() {

isTest uses the super-global variable $_SERVER which is generally not recommended.

		// In case of isDev and isTest both being set, dev has higher priority
		if (self::isDev()) return false;

		// Check saved session
		if ($env = self::session_environment()) return $env === 'test';

		// Check config
		if (Config::inst()->get('Director', 'environment_type') === 'test') return true;

		// Check if we are running on one of the test servers
		$testServers = (array)Config::inst()->get('Director', 'test_servers');
		if (isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $testServers))  {
			return true;
		}

		return false;
	}

	/**
	 * Check or update any temporary environment specified in the session.
	 *
	 * @return null|string
	 */
	protected static function session_environment() {

session_environment uses the super-global variable $_GET which is generally not recommended.

session_environment uses the super-global variable $_SESSION which is generally not recommended.

		// Set session from querystring
		if (isset($_GET['isDev'])) {
			if (isset($_SESSION)) {
				unset($_SESSION['isTest']); // In case we are changing from test mode
				$_SESSION['isDev'] = $_GET['isDev'];
			}
			return 'dev';
		} elseif (isset($_GET['isTest'])) {
			if (isset($_SESSION)) {
				unset($_SESSION['isDev']); // In case we are changing from dev mode
				$_SESSION['isTest'] = $_GET['isTest'];
			}
			return 'test';
		}
		// Check session
		if (isset($_SESSION['isDev']) && $_SESSION['isDev']) {
			return 'dev';
		} elseif (isset($_SESSION['isTest']) && $_SESSION['isTest']) {
			return 'test';
		} else {
			return null;
		}
	}

	/**
	 * Returns an array of strings of the method names of methods on the call that should be exposed
	 * as global variables in the templates.
	 *
	 * @return array
	 */
	public static function get_template_global_variables() {
		return array(
			'absoluteBaseURL',
			'baseURL',
			'is_ajax',
			'isAjax' => 'is_ajax',
			'BaseHref' => 'absoluteBaseURL',    //@deprecated 3.0
		);
	}
}