TYPO3 CMS  TYPO3_8-7
ExtDirectRouter.php
Go to the documentation of this file.
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
20 
25 {
33  public function routeAction(ServerRequestInterface $request, ResponseInterface $response)
34  {
35  $GLOBALS['error'] = GeneralUtility::makeInstance(\TYPO3\CMS\Core\ExtDirect\ExtDirectDebug::class);
36  $isForm = false;
37  $isUpload = false;
38  $rawPostData = file_get_contents('php://input');
39  $postParameters = $request->getParsedBody();
40  $namespace = isset($request->getParsedBody()['namespace']) ? $request->getParsedBody()['namespace'] : $request->getQueryParams()['namespace'];
41  $extResponse = [];
42  $extRequest = null;
43  $isValidRequest = true;
44  if (!empty($postParameters['extAction'])) {
45  $isForm = true;
46  $isUpload = $postParameters['extUpload'] === 'true';
47  $extRequest = new \stdClass();
48  $extRequest->action = $postParameters['extAction'];
49  $extRequest->method = $postParameters['extMethod'];
50  $extRequest->tid = $postParameters['extTID'];
51  unset($_POST['securityToken']);
52  $extRequest->data = [$_POST + $_FILES];
53  $extRequest->data[] = $postParameters['securityToken'];
54  } elseif (!empty($rawPostData)) {
55  $extRequest = json_decode($rawPostData);
56  } else {
57  $extResponse[] = [
58  'type' => 'exception',
59  'message' => 'Something went wrong with an ExtDirect call!',
60  'code' => 'router'
61  ];
62  $isValidRequest = false;
63  }
64  if (!is_array($extRequest)) {
65  $extRequest = [$extRequest];
66  }
67  if ($isValidRequest) {
68  $validToken = false;
69  $firstCall = true;
70  foreach ($extRequest as $index => $singleRequest) {
71  $extResponse[$index] = [
72  'tid' => $singleRequest->tid,
73  'action' => $singleRequest->action,
74  'method' => $singleRequest->method
75  ];
76  $token = is_array($singleRequest->data) ? array_pop($singleRequest->data) : null;
77  if ($firstCall) {
78  $firstCall = false;
80  $validToken = $formprotection->validateToken($token, 'extDirect');
81  }
82  try {
83  if (!$validToken) {
84  throw new \TYPO3\CMS\Core\FormProtection\Exception('ExtDirect: Invalid Security Token!', 1476046324);
85  }
86  $extResponse[$index]['type'] = 'rpc';
87  $extResponse[$index]['result'] = $this->processRpc($singleRequest, $namespace);
88  $extResponse[$index]['debug'] = $GLOBALS['error']->toString();
89  } catch (\Exception $exception) {
90  $extResponse[$index]['type'] = 'exception';
91  $extResponse[$index]['message'] = $exception->getMessage();
92  $extResponse[$index]['code'] = 'router';
93  }
94  }
95  }
96  if ($isForm && $isUpload) {
97  $extResponse = json_encode($extResponse);
98  $extResponse = preg_replace('/&quot;/', '\\&quot;', $extResponse);
99  $extResponse = [
100  '<html><body><textarea>' . $extResponse . '</textarea></body></html>'
101  ];
102  } else {
103  $extResponse = json_encode($extResponse);
104  }
105  $response->getBody()->write($extResponse);
106  return $response;
107  }
108 
119  protected function processRpc($singleRequest, $namespace)
120  {
121  $endpointName = $namespace . '.' . $singleRequest->action;
122  if (
123  !isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName])
124  || !is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName])
125  ) {
126  throw new \UnexpectedValueException('ExtDirect: Call to undefined endpoint: ' . $endpointName, 1294586450);
127  }
128  if (!isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName]['callbackClass'])) {
129  throw new \UnexpectedValueException('ExtDirect: Call to undefined endpoint: ' . $endpointName, 1294586451);
130  }
131  $callbackClass = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName]['callbackClass'];
132  $configuration = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName];
133  if (!is_null($configuration['moduleName']) && !is_null($configuration['accessLevel'])) {
134  $GLOBALS['BE_USER']->modAccess([
135  'name' => $configuration['moduleName'],
136  'access' => $configuration['accessLevel']
137  ], true);
138  }
139  $endpointObject = GeneralUtility::getUserObj($callbackClass);
140  return call_user_func_array([$endpointObject, $singleRequest->method], is_array($singleRequest->data) ? $singleRequest->data : []);
141  }
142 }
routeAction(ServerRequestInterface $request, ResponseInterface $response)
static makeInstance($className,... $constructorArguments)
processRpc($singleRequest, $namespace)
static get($classNameOrType='default',... $constructorArguments)
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']