TYPO3_6-2/ajax_8php_source.html

 <?php
 $TYPO3_AJAX = TRUE;

 // This is a list of requests that don't necessarily need a valid BE user
 $noUserAjaxIDs = array(
     'BackendLogin::login',
     'BackendLogin::logout',
     'BackendLogin::refreshLogin',
     'BackendLogin::isTimedOut',
     'BackendLogin::getChallenge',
     'BackendLogin::getRsaPublicKey',
 );

 // First get the ajaxID
 $ajaxID = isset($_POST['ajaxID']) ? $_POST['ajaxID'] : $_GET['ajaxID'];
 if (isset($ajaxID)) {
     $ajaxID = (string)stripslashes($ajaxID);
 }

 // If we're trying to do an ajax login, don't require a user.
 if (in_array($ajaxID, $noUserAjaxIDs)) {
     define('TYPO3_PROCEED_IF_NO_USER', 2);
 }

 require __DIR__ . '/init.php';

 // Finding the script path from the registry
 $ajaxRegistryEntry = isset($GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID]) ? $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID] : NULL;
 $ajaxScript = NULL;
 $csrfTokenCheck = FALSE;
 if ($ajaxRegistryEntry !== NULL) {
     if (is_array($ajaxRegistryEntry)) {
         if (isset($ajaxRegistryEntry['callbackMethod'])) {
             $ajaxScript = $ajaxRegistryEntry['callbackMethod'];
             $csrfTokenCheck = $ajaxRegistryEntry['csrfTokenCheck'];
         }
     } else {
         // @Deprecated since 6.2 will be removed two versions later
         $ajaxScript = $ajaxRegistryEntry;
     }
 }

 // Instantiating the AJAX object
 $ajaxObj = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Http\\AjaxRequestHandler', $ajaxID);
 $ajaxParams = array();

 // Evaluating the arguments and calling the AJAX method/function
 if (empty($ajaxID)) {
     $ajaxObj->setError('No valid ajaxID parameter given.');
 } elseif (empty($ajaxScript)) {
     $ajaxObj->setError('No backend function registered for ajaxID "' . $ajaxID . '".');
 } else {
     $success = TRUE;
     $tokenIsValid = TRUE;
     if ($csrfTokenCheck) {
         $tokenIsValid = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get()->validateToken(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('ajaxToken'), 'ajaxCall', $ajaxID);
     }
     if ($tokenIsValid) {
         // Cleanup global variable space
         unset($csrfTokenCheck, $ajaxRegistryEntry, $tokenIsValid, $success);
         $success = \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($ajaxScript, $ajaxParams, $ajaxObj, FALSE, TRUE);
     } else {
         $ajaxObj->setError('Invalid CSRF token detected for ajaxID "' . $ajaxID . '"!');
     }
     if ($success === FALSE) {
         $ajaxObj->setError('Registered backend function for ajaxID "' . $ajaxID . '" was not found.');
     }
 }

 // Outputting the content (and setting the X-JSON-Header)
 $ajaxObj->render();
TYPO3

TYPO3\CMS\Core\FormProtection\FormProtectionFactory\get
static get($className=NULL)
Definition: FormProtectionFactory.php:66

$ajaxScript
$ajaxScript
Definition: ajax.php:48

TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance
static makeInstance($className)
Definition: GeneralUtility.php:4424

$ajaxID
$ajaxID
Definition: ajax.php:34

TYPO3\CMS\Core\Utility\GeneralUtility\callUserFunction
static callUserFunction($funcName, &$params, &$ref, $checkPrefix='', $errorMode=0)
Definition: GeneralUtility.php:4276

$tokenIsValid
$tokenIsValid
Definition: ajax.php:73

$ajaxRegistryEntry
$ajaxRegistryEntry
Definition: ajax.php:47

$csrfTokenCheck
$csrfTokenCheck
Definition: ajax.php:49

$ajaxParams
$ajaxParams
Definition: ajax.php:64

$noUserAjaxIDs
$noUserAjaxIDs
Definition: ajax.php:24

$GLOBALS
if(!defined('TYPO3_MODE')) $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'][]
Definition: ext_localconf.php:5

$ajaxObj
if($ajaxRegistryEntry !==NULL) $ajaxObj
Definition: ajax.php:63

$TYPO3_AJAX
$TYPO3_AJAX
Definition: ajax.php:21