TYPO3 CMS  TYPO3_8-7
BackendModuleRequestHandler.php
1 <?php
2 namespace TYPO3\CMS\Backend\Http;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
30 
36 {
/**
 * Bootstrap instance handed to the constructor; boot() runs its initialisation chain.
 *
 * @var Bootstrap
 */
protected $bootstrap;

/**
 * Module registry. Empty until handleRequest() copies $GLOBALS['TBE_MODULES'] into it;
 * getModuleConfiguration() reads its '_configuration' entry.
 *
 * @var array
 */
protected $moduleRegistry = [];

// NOTE(review): handleRequest() assigns $this->backendUserAuthentication, but no declaration
// for that property is visible in this listing (listing line 50 is absent) - confirm against
// the original file.

/**
 * Request currently being handled; set as the first step of handleRequest().
 *
 * @var ServerRequestInterface
 */
protected $request;
57 
/**
 * Stores the Bootstrap instance that boot() later drives.
 *
 * @param Bootstrap $bootstrap
 */
public function __construct(Bootstrap $bootstrap)
{
    // Nothing is initialised here; all bootstrap work is deferred to boot().
    $this->bootstrap = $bootstrap;
}
67 
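/**
 * Handles a backend module request: boots the backend, validates the module CSRF token,
 * then dispatches to the module named by the "M" query parameter.
 *
 * The order is the security-relevant part: boot() runs first, the token is validated before
 * any module configuration is looked up or any module code runs, and the request is rejected
 * when validation fails.
 *
 * NOTE(review): the token is read from the "moduleToken" query parameter, i.e. it is part of
 * the URL. Confirm that backend URLs carrying it are not exposed through access logs or
 * Referer headers sent to third-party hosts.
 *
 * @param ServerRequestInterface $request
 * @return mixed the value returned by dispatchModule()
 * @throws Exception when the module token is missing or invalid (code 1417988921)
 */
public function handleRequest(ServerRequestInterface $request)
{
    $this->request = $request;
    $this->boot();

    $this->moduleRegistry = $GLOBALS['TBE_MODULES'];

    // Fail closed: nothing below runs without a valid token.
    if (!$this->isValidModuleRequest()) {
        throw new Exception('The CSRF protection token for the requested module is missing or invalid', 1417988921);
    }

    $this->backendUserAuthentication = $GLOBALS['BE_USER'];

    // A request without "M" yields an empty module name instead of an undefined-index notice;
    // getModuleConfiguration() then rejects it as not configured.
    $queryParams = $this->request->getQueryParams();
    $moduleName = (string)($queryParams['M'] ?? '');

    return $this->dispatchModule($moduleName);
}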
91 
/**
 * Runs the Bootstrap initialisation chain for a backend module request.
 *
 * Each call is made on the value returned by the previous one, in exactly this order.
 * The three check* calls come first, before anything is loaded and before the backend user
 * is initialised.
 *
 * NOTE(review): what each step does is defined in Bootstrap, not here. Judging by the names,
 * the check* steps are the lock / IP / SSL gates; confirm before reordering anything.
 */
protected function boot()
{
    // Gate checks.
    $chain = $this->bootstrap
        ->checkLockedBackendAndRedirectOrDie()
        ->checkBackendIpOrDie()
        ->checkSslBackendAndRedirectIfNeeded();

    // Router and table configuration.
    $chain = $chain
        ->initializeBackendRouter()
        ->loadBaseTca()
        ->loadExtTables();

    // Backend user, authentication, language and template.
    $chain = $chain
        ->initializeBackendUser()
        ->initializeBackendAuthentication()
        ->initializeLanguageObject()
        ->initializeBackendTemplate();

    // Output handling and headers.
    $chain
        ->endOutputBufferingAndCleanPreviousOutput()
        ->initializeOutputCompression()
        ->sendHttpHeaders();
}
111 
/**
 * Tells whether this handler is responsible for the request.
 *
 * The decision is the request attribute "isModuleRequest", returned as stored (it is not
 * cast to bool); false is used when the attribute is absent.
 *
 * @param ServerRequestInterface $request
 * @return mixed value of the "isModuleRequest" attribute, false by default
 */
public function canHandleRequest(ServerRequestInterface $request)
{
    $isModuleRequest = $request->getAttribute('isModuleRequest', false);

    return $isModuleRequest;
}
122 
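/**
 * Validates the CSRF token of the current module request.
 *
 * The token ("moduleToken" query parameter) is checked for the action 'moduleCall' together
 * with the module name ("M" query parameter), so the module name is part of what
 * validateToken() is asked to verify.
 *
 * Returns false without validating anything when getFormProtection() does not supply a
 * BackendFormProtection instance.
 *
 * @return bool|mixed false, or the result of validateToken()
 */
protected function isValidModuleRequest()
{
    // Fetch once, so the instanceof check and the validateToken() call are guaranteed to use
    // the same object.
    $formProtection = $this->getFormProtection();
    if (!$formProtection instanceof BackendFormProtection) {
        return false;
    }

    // Missing parameters become empty strings rather than raising undefined-index notices.
    $queryParams = $this->request->getQueryParams();

    return $formProtection->validateToken(
        (string)($queryParams['moduleToken'] ?? ''),
        'moduleCall',
        (string)($queryParams['M'] ?? '')
    );
}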
133 
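/**
 * Runs the requested module after the module-level and page-level access checks.
 *
 * Steps, in order:
 *  1. look up the module in the registry (throws when it is not configured),
 *  2. check module access for the backend user via modAccess(),
 *  3. when an integer-like "id" is present, check PAGE_SHOW access to that page,
 *  4. dispatch through the core Dispatcher when the configuration has a 'routeTarget',
 *     otherwise run the module through the Extbase bootstrap.
 *
 * The dispatch target and the Extbase extension/vendor names come from the registered
 * module configuration, not from the request; only the module name used as lookup key does.
 *
 * NOTE(review): step 3 is skipped when "id" is empty or not integer-like. It is therefore
 * not a substitute for a module's own page-permission check; a module that reads "id"
 * itself must validate it independently.
 *
 * @param string $moduleName name of the module, used as key into the module registry
 * @return mixed the response object: the Dispatcher's result, or the locally created
 *               Response with the Extbase output written to its body
 * @throws \RuntimeException when the page given by "id" is not accessible (code 1289917924)
 */
protected function dispatchModule($moduleName)
{
    $moduleConfiguration = $this->getModuleConfiguration($moduleName);

    $response = GeneralUtility::makeInstance(Response::class);

    // Check permissions and exit if the user has no permission for entry
    $this->backendUserAuthentication->modAccess($moduleConfiguration, true);

    // "id" is taken from the query string first and from the parsed body otherwise. A request
    // that carries it in neither place yields null instead of an undefined-index notice.
    $queryParams = $this->request->getQueryParams();
    $parsedBody = $this->request->getParsedBody();
    $id = $queryParams['id'] ?? $parsedBody['id'] ?? null;

    if ($id && MathUtility::canBeInterpretedAsInteger($id)) {
        $permClause = $this->backendUserAuthentication->getPagePermsClause(Permission::PAGE_SHOW);
        // Check page access
        $access = is_array(BackendUtility::readPageAccess((int)$id, $permClause));
        if (!$access) {
            // Check if page has been deleted. The record is fetched with the same permission
            // clause and with the final argument (getRecord's $useDeleteClause) set to false,
            // so a row flagged as deleted can still be returned.
            $deleteField = $GLOBALS['TCA']['pages']['ctrl']['delete'];
            $pageInfo = BackendUtility::getRecord('pages', (int)$id, $deleteField, $permClause ? ' AND ' . $permClause : '', false);
            // Reject unless the fetched row has its delete flag set; no row at all is rejected too.
            if (!$pageInfo[$deleteField]) {
                throw new \RuntimeException('You don\'t have access to this page', 1289917924);
            }
        }
    }

    // Use Core Dispatching
    if (isset($moduleConfiguration['routeTarget'])) {
        $dispatcher = GeneralUtility::makeInstance(Dispatcher::class);
        $this->request = $this->request->withAttribute('target', $moduleConfiguration['routeTarget']);
        $response = $dispatcher->dispatch($this->request, $response);
    } else {
        // extbase module
        $configuration = [
            'extensionName' => $moduleConfiguration['extensionName'],
            'pluginName' => $moduleName
        ];
        if (isset($moduleConfiguration['vendorName'])) {
            $configuration['vendorName'] = $moduleConfiguration['vendorName'];
        }

        // Run Extbase
        $bootstrap = GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\Core\Bootstrap::class);
        $content = $bootstrap->run('', $configuration);

        $response->getBody()->write($content);
    }

    return $response;
}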
189 
/**
 * Returns the registered configuration for a module.
 *
 * The module name is used only as a lookup key into the registry's '_configuration' entry;
 * a name that is not registered (or whose entry is null) is rejected.
 *
 * NOTE(review): the name is placed verbatim into the exception message, and in
 * handleRequest() it originates from the "M" request parameter. Whatever renders this
 * message should escape it for the output context.
 *
 * @param string $moduleName
 * @return mixed the configuration stored for the module
 * @throws \RuntimeException when the module is not configured (code 1289918325)
 */
protected function getModuleConfiguration($moduleName)
{
    $configuration = $this->moduleRegistry['_configuration'][$moduleName] ?? null;

    if ($configuration === null) {
        throw new \RuntimeException('Module ' . $moduleName . ' is not configured.', 1289918325);
    }

    return $configuration;
}
204 
/**
 * Returns the fixed priority of this request handler.
 *
 * NOTE(review): how the value is compared against other handlers is decided by the caller,
 * which is not part of this file.
 *
 * @return int always 90
 */
public function getPriority()
{
    $priority = 90;

    return $priority;
}
214 
/**
 * Supplies the form-protection object whose validateToken() is used by isValidModuleRequest().
 *
 * NOTE(review): the body is empty in this listing. The line numbering jumps from 221 to 223,
 * so the statement on listing line 222 is not shown. Take the return statement from the
 * original file; this extract is not the full implementation.
 */
protected function getFormProtection()
{
}
224 }