TYPO3 CMS  TYPO3_6-2
All Classes Namespaces Files Functions Variables Pages
ajax.php
Go to the documentation of this file.
1 <?php
21 $TYPO3_AJAX = TRUE;
22 
23 // This is a list of requests that don't necessarily need a valid BE user
24 $noUserAjaxIDs = array(
25  'BackendLogin::login',
26  'BackendLogin::logout',
27  'BackendLogin::refreshLogin',
28  'BackendLogin::isTimedOut',
29  'BackendLogin::getChallenge',
30  'BackendLogin::getRsaPublicKey',
31 );
32 
33 // First get the ajaxID
34 $ajaxID = isset($_POST['ajaxID']) ? $_POST['ajaxID'] : $_GET['ajaxID'];
35 if (isset($ajaxID)) {
36  $ajaxID = (string)stripslashes($ajaxID);
37 }
38 
39 // If we're trying to do an ajax login, don't require a user.
40 if (in_array($ajaxID, $noUserAjaxIDs)) {
41  define('TYPO3_PROCEED_IF_NO_USER', 2);
42 }
43 
44 require __DIR__ . '/init.php';
45 
46 // Finding the script path from the registry
47 $ajaxRegistryEntry = isset($GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID]) ? $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID] : NULL;
48 $ajaxScript = NULL;
49 $csrfTokenCheck = FALSE;
50 if ($ajaxRegistryEntry !== NULL) {
51  if (is_array($ajaxRegistryEntry)) {
52  if (isset($ajaxRegistryEntry['callbackMethod'])) {
53  $ajaxScript = $ajaxRegistryEntry['callbackMethod'];
54  $csrfTokenCheck = $ajaxRegistryEntry['csrfTokenCheck'];
55  }
56  } else {
57  // @Deprecated since 6.2 will be removed two versions later
58  $ajaxScript = $ajaxRegistryEntry;
59  }
60 }
61 
62 // Instantiating the AJAX object
63 $ajaxObj = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Http\\AjaxRequestHandler', $ajaxID);
64 $ajaxParams = array();
65 
66 // Evaluating the arguments and calling the AJAX method/function
67 if (empty($ajaxID)) {
68  $ajaxObj->setError('No valid ajaxID parameter given.');
69 } elseif (empty($ajaxScript)) {
70  $ajaxObj->setError('No backend function registered for ajaxID "' . $ajaxID . '".');
71 } else {
72  $success = TRUE;
73  $tokenIsValid = TRUE;
74  if ($csrfTokenCheck) {
75  $tokenIsValid = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get()->validateToken(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('ajaxToken'), 'ajaxCall', $ajaxID);
76  }
77  if ($tokenIsValid) {
78  // Cleanup global variable space
79  unset($csrfTokenCheck, $ajaxRegistryEntry, $tokenIsValid, $success);
80  $success = \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($ajaxScript, $ajaxParams, $ajaxObj, FALSE, TRUE);
81  } else {
82  $ajaxObj->setError('Invalid CSRF token detected for ajaxID "' . $ajaxID . '"!');
83  }
84  if ($success === FALSE) {
85  $ajaxObj->setError('Registered backend function for ajaxID "' . $ajaxID . '" was not found.');
86  }
87 }
88 
89 // Outputting the content (and setting the X-JSON-Header)
90 $ajaxObj->render();
$ajaxScript
$ajaxScript
Definition: ajax.php:48
$ajaxID
$ajaxID
Definition: ajax.php:34
TYPO3\CMS\Core\Utility\GeneralUtility\callUserFunction
static callUserFunction($funcName, &$params, &$ref, $checkPrefix='', $errorMode=0)
Definition: GeneralUtility.php:4276
$tokenIsValid
$tokenIsValid
Definition: ajax.php:73
$ajaxRegistryEntry
$ajaxRegistryEntry
Definition: ajax.php:47
$csrfTokenCheck
$csrfTokenCheck
Definition: ajax.php:49
$ajaxParams
$ajaxParams
Definition: ajax.php:64
$noUserAjaxIDs
$noUserAjaxIDs
Definition: ajax.php:24
$GLOBALS
if(!defined('TYPO3_MODE')) $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'][]
Definition: ext_localconf.php:5
$ajaxObj
if($ajaxRegistryEntry !==NULL) $ajaxObj
Definition: ajax.php:63
$TYPO3_AJAX
$TYPO3_AJAX
Definition: ajax.php:21