TYPO3 CMS  TYPO3_7-6
AjaxController.php
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
22 {
// Response body passed to output() whenever one of this controller's access checks fails.
protected $unauthorized = 'unauthorized';

// Names of the ajax actions this controller dispatches after the access checks have passed.
// The names point at privileged maintenance operations (extension removal, cache clearing,
// core update steps), so this list is security relevant.
// NOTE(review): presumably the allowlist that validateAuthenticationAction() compares the
// requested action against; that method is not part of this listing - confirm.
protected $authenticationActions = [
    'extensionCompatibilityTester',
    'uninstallExtension',
    'clearCache',
    'coreUpdateUpdateVersionMatrix',
    'coreUpdateIsUpdateAvailable',
    'coreUpdateCheckPreConditions',
    'coreUpdateDownload',
    'coreUpdateVerifyChecksum',
    'coreUpdateUnpack',
    'coreUpdateMove',
    'coreUpdateActivate',
    'folderStatus',
    'environmentStatus'
];
46 
/**
 * Entry point of the ajax controller: bootstraps the controller, runs the session token,
 * session lifetime and login checks in a fixed order, then dispatches the requested action.
 *
 * Each failing check visible in this class ends the request through output(), so a later
 * step only runs when every earlier one has passed.
 *
 * @return void
 */
public function execute()
{
    $this->loadBaseExtensions();
    $this->initializeObjectManager();
    // Warning: Order of these methods is security relevant and interferes with different access
    // conditions (new/existing installation). See the single method comments for details.
    // NOTE(review): the line numbering of this listing skips two lines at this point, and
    // checkInstallToolPasswordNotSet() is defined in this class without a visible call.
    // Verify against the original file that no pre-session access check is missing here.
    $this->initializeSession();
    $this->checkSessionToken();
    $this->checkSessionLifetime();
    // The login check must stay in front of the dispatch: it is the last gate before an
    // action handler is instantiated.
    $this->checkLogin();
    $this->dispatchAuthenticationActions();
}
66 
73  {
74  if (!$this->isInstallToolAvailable()) {
75  $this->output($this->unauthorized);
76  }
77  }
78 
/**
 * Refuses the request when no install tool password is configured.
 *
 * The configured value counts as "not set" under PHP's empty() semantics, i.e. when it is
 * missing, null, an empty string or otherwise falsy.
 *
 * @return void
 */
protected function checkInstallToolPasswordNotSet()
{
    if (!empty($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'])) {
        // A password is configured, nothing to refuse at this stage.
        return;
    }
    $this->output($this->unauthorized);
}
90 
/**
 * Gate on the session's authorization state.
 *
 * An authorized session is refreshed; any other session receives the unauthorized response.
 *
 * @return void
 */
protected function checkLogin()
{
    if ($this->session->isAuthorized()) {
        $this->session->refreshSession();
        return;
    }
    $this->output($this->unauthorized);
}
104 
/**
 * Reacts to the outcome of the session token check.
 *
 * @param bool $tokenOk Result of the token comparison; a falsy value ends the request
 *                      with the unauthorized response
 * @return void
 */
protected function handleSessionTokenCheck($tokenOk)
{
    if ($tokenOk) {
        return;
    }
    $this->output($this->unauthorized);
}
118 
/**
 * Answers a request whose session lifetime has expired with the unauthorized response.
 *
 * @return void
 */
protected function handleSessionLifeTimeExpired()
{
    $response = $this->unauthorized;
    $this->output($response);
}
129 
/**
 * Resolves the requested ajax action to its handler object and emits the handler's result.
 *
 * Security note: the handler class name is assembled from the action name, so this method
 * depends on validateAuthenticationAction() having rejected every unexpected name before
 * the object manager is asked for the class.
 * NOTE(review): getAction() and validateAuthenticationAction() are defined outside this
 * listing; confirm that the action is limited to the entries of $authenticationActions.
 *
 * @throws Exception if the resolved object does not implement Action\ActionInterface
 * @return void
 */
protected function dispatchAuthenticationActions()
{
    $action = $this->getAction();
    if ($action === '') {
        // output() ends the request, so an empty action never reaches the lookup below.
        $this->output('noAction');
    }
    $this->validateAuthenticationAction($action);

    $handlerClassName = 'TYPO3\\CMS\\Install\\Controller\\Action\\Ajax\\' . ucfirst($action);
    $handler = $this->objectManager->get($handlerClassName);
    if (!$handler instanceof Action\ActionInterface) {
        $message = $action . ' does not implement ActionInterface';
        throw new Exception($message, 1369474308);
    }

    // Configure the handler in the original order; the token is generated per action.
    $handler->setController('ajax');
    $handler->setAction($action);
    $handler->setToken($this->generateTokenForAction($action));
    $handler->setPostValues($this->getPostValues());

    $result = $handler->handle();
    $this->output($result);
}
158 
/**
 * Sends the response and terminates the request.
 *
 * The output buffer is cleaned first, the response is declared as non-cacheable JSON, and
 * $content is echoed verbatim. No encoding happens here, so callers are responsible for
 * passing content that is safe to emit under the JSON content type.
 *
 * @param string $content Response body, written out unchanged
 * @return void This method never returns; script execution stops after the echo
 */
protected function output($content = '')
{
    ob_clean();
    $responseHeaders = [
        'Content-Type: application/json; charset=utf-8',
        'Cache-Control: no-cache, must-revalidate',
        'Pragma: no-cache',
    ];
    foreach ($responseHeaders as $headerLine) {
        header($headerLine);
    }
    echo $content;
    // Hard stop: the access checks rely on no code running after a response was sent.
    exit;
}
174 }
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']