TYPO3 CMS  TYPO3_6-2
ExtDirectRouter.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Core\ExtDirect;
3 
22 class ExtDirectRouter {
23 
31  public function route($ajaxParams, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj) {
32  $GLOBALS['error'] = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\ExtDirect\\ExtDirectDebug');
33  $isForm = FALSE;
34  $isUpload = FALSE;
35  $rawPostData = file_get_contents('php://input');
36  $postParameters = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST();
37  $namespace = \TYPO3\CMS\Core\Utility\GeneralUtility::_GET('namespace');
38  $response = array();
39  $request = NULL;
40  $isValidRequest = TRUE;
41  if (!empty($postParameters['extAction'])) {
42  $isForm = TRUE;
43  $isUpload = $postParameters['extUpload'] === 'true';
44  $request = new \stdClass();
45  $request->action = $postParameters['extAction'];
46  $request->method = $postParameters['extMethod'];
47  $request->tid = $postParameters['extTID'];
48  unset($_POST['securityToken']);
49  $request->data = array($_POST + $_FILES);
50  $request->data[] = $postParameters['securityToken'];
51  } elseif (!empty($rawPostData)) {
52  $request = json_decode($rawPostData);
53  } else {
54  $response[] = array(
55  'type' => 'exception',
56  'message' => 'Something went wrong with an ExtDirect call!',
57  'code' => 'router'
58  );
59  $isValidRequest = FALSE;
60  }
61  if (!is_array($request)) {
62  $request = array($request);
63  }
64  if ($isValidRequest) {
65  $validToken = FALSE;
66  $firstCall = TRUE;
67  foreach ($request as $index => $singleRequest) {
68  $response[$index] = array(
69  'tid' => $singleRequest->tid,
70  'action' => $singleRequest->action,
71  'method' => $singleRequest->method
72  );
73  $token = array_pop($singleRequest->data);
74  if ($firstCall) {
75  $firstCall = FALSE;
76  $formprotection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
77  $validToken = $formprotection->validateToken($token, 'extDirect');
78  }
79  try {
80  if (!$validToken) {
81  throw new \TYPO3\CMS\Core\FormProtection\Exception('ExtDirect: Invalid Security Token!');
82  }
83  $response[$index]['type'] = 'rpc';
84  $response[$index]['result'] = $this->processRpc($singleRequest, $namespace);
85  $response[$index]['debug'] = $GLOBALS['error']->toString();
86  } catch (\Exception $exception) {
87  $response[$index]['type'] = 'exception';
88  $response[$index]['message'] = $exception->getMessage();
89  $response[$index]['code'] = 'router';
90  }
91  }
92  }
93  if ($isForm && $isUpload) {
94  $ajaxObj->setContentFormat('plain');
95  $response = json_encode($response);
96  $response = preg_replace('/&quot;/', '\\&quot;', $response);
97  $response = array(
98  '<html><body><textarea>' . $response . '</textarea></body></html>'
99  );
100  } else {
101  $ajaxObj->setContentFormat('jsonbody');
102  }
103  $ajaxObj->setContent($response);
104  }
105 
116  protected function processRpc($singleRequest, $namespace) {
117  $endpointName = $namespace . '.' . $singleRequest->action;
118  if (!isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName])) {
119  throw new \UnexpectedValueException('ExtDirect: Call to undefined endpoint: ' . $endpointName, 1294586450);
120  }
121  if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName])) {
122  if (!isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName]['callbackClass'])) {
123  throw new \UnexpectedValueException('ExtDirect: Call to undefined endpoint: ' . $endpointName, 1294586451);
124  }
125  $callbackClass = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName]['callbackClass'];
126  $configuration = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName];
127  if (!is_null($configuration['moduleName']) && !is_null($configuration['accessLevel'])) {
128  $GLOBALS['BE_USER']->modAccess(array(
129  'name' => $configuration['moduleName'],
130  'access' => $configuration['accessLevel']
131  ), TRUE);
132  }
133  }
134  $endpointObject = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($callbackClass, FALSE);
135  return call_user_func_array(array($endpointObject, $singleRequest->method), is_array($singleRequest->data) ? $singleRequest->data : array());
136  }
137 
138 }
TYPO3\CMS\Core\Utility\GeneralUtility\getUserObj
static getUserObj($classRef, $checkPrefix='', $silent=FALSE)
Definition: GeneralUtility.php:4378
$formprotection
$formprotection
Definition: mod.php:24
$ajaxParams
$ajaxParams
Definition: ajax.php:64
TYPO3\CMS\Core\ExtDirect\ExtDirectRouter\processRpc
processRpc($singleRequest, $namespace)
Definition: ExtDirectRouter.php:116
TYPO3\CMS\Core\ExtDirect\ExtDirectRouter\route
route($ajaxParams, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj)
Definition: ExtDirectRouter.php:31
$GLOBALS
if(!defined('TYPO3_MODE')) $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'][]
Definition: ext_localconf.php:5
$ajaxObj
if($ajaxRegistryEntry !==NULL) $ajaxObj
Definition: ajax.php:63