TYPO3 CMS  TYPO3_8-7
AjaxController.php
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
18 
23 {
/**
 * Response body that output() sends whenever one of the access checks
 * in this controller fails.
 *
 * @var string
 */
protected $unauthorized = 'unauthorized';

/**
 * Names of the ajax actions this controller knows about.
 *
 * dispatchAuthenticationActions() turns the requested action name into a
 * class name below TYPO3\CMS\Install\Controller\Action\Ajax\, so this list
 * is only effective as an allowlist if validateAuthenticationAction()
 * compares the request against it. That method is not part of this
 * listing -- NOTE(review): confirm in the parent class.
 *
 * @var string[]
 */
protected $authenticationActions = [
    'extensionCompatibilityTester',
    'uninstallExtension',
    'clearCache',
    'clearAllCache',
    'dumpAutoload',
    'coreUpdateUpdateVersionMatrix',
    'coreUpdateIsUpdateAvailable',
    'coreUpdateCheckPreConditions',
    'coreUpdateDownload',
    'coreUpdateVerifyChecksum',
    'coreUpdateUnpack',
    'coreUpdateMove',
    'coreUpdateActivate',
    'folderStatus',
    'environmentStatus',
    'tcaExtTablesCheck',
    'tcaMigrationsCheck',
    'filterManager',
    'saveIgnoredItems',
    'removeIgnoredItems',
];
54 
/**
 * Entry point: load the base extensions, run the session and login checks
 * in a fixed order, then dispatch the requested ajax action.
 *
 * checkLogin() ends the request through output() when the session is not
 * authorized. checkSessionToken() and checkSessionLifetime() are defined
 * outside this listing; presumably they report failures through
 * handleSessionTokenCheck() / handleSessionLifeTimeExpired() -- verify.
 */
public function execute()
{
    $this->loadBaseExtensions();

    // Warning: the order of the following calls is security relevant and interacts with the
    // different access conditions (new/existing installation). Do not reorder them.
    //
    // NOTE(review): this rendered listing jumps from source line 62 to 65 here. The
    // install-tool-availability check and checkInstallToolPasswordNotSet() are defined in
    // this class but are not called in the visible lines; presumably the two missing lines
    // hold those calls. Verify against the original file before relying on this listing.
    $this->initializeSession();
    $this->checkSessionToken();
    $this->checkSessionLifetime();
    $this->checkLogin();

    // Reached only when checkLogin() did not terminate the request.
    $this->dispatchAuthenticationActions();
}
71 
76  {
77  if (!$this->isInstallToolAvailable()) {
78  $this->output($this->unauthorized);
79  }
80  }
81 
/**
 * Refuse the request when no install tool password is configured.
 *
 * empty() is true for a missing key as well as for '', '0', null and
 * false, so all of those are treated as "not set".
 */
protected function checkInstallToolPasswordNotSet()
{
    if (!empty($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'])) {
        return;
    }

    // output() sends the marker and terminates the script.
    $this->output($this->unauthorized);
}
91 
/**
 * Require an authorized session.
 *
 * An authorized session is refreshed; any other session is answered with
 * the "unauthorized" marker, which ends the request inside output().
 */
protected function checkLogin()
{
    if ($this->session->isAuthorized()) {
        $this->session->refreshSession();
        return;
    }

    $this->output($this->unauthorized);
}
103 
/**
 * React to the result of the session token check.
 *
 * Presumably invoked by checkSessionToken(), which is not part of this
 * listing -- verify against the parent class.
 *
 * @param mixed $tokenOk Evaluated for truthiness only; a falsy value ends the request as unauthorized
 */
protected function handleSessionTokenCheck($tokenOk)
{
    if ($tokenOk) {
        return;
    }

    // Token rejected: output() sends the marker and terminates the script.
    $this->output($this->unauthorized);
}
116 
/**
 * Answer with the "unauthorized" marker and end the request.
 *
 * Presumably invoked by checkSessionLifetime() once the session has
 * expired; the caller is not part of this listing -- verify.
 */
protected function handleSessionLifeTimeExpired()
{
    $responseBody = $this->unauthorized;
    $this->output($responseBody);
}
125 
/**
 * Resolve the requested ajax action to its handler class, run it and send
 * its result as the response.
 *
 * Security note: the action name is concatenated into a class name. The
 * only barriers visible here are validateAuthenticationAction() (defined
 * outside this listing, presumably an allowlist check against
 * $authenticationActions -- verify) and the ActionInterface check after
 * instantiation. The interface check runs after the object was created,
 * so it does not stop a constructor from running; the validation call
 * before it is the barrier that matters.
 *
 * @throws Exception If the resolved class does not implement Action\ActionInterface
 */
protected function dispatchAuthenticationActions()
{
    $requestedAction = $this->getAction();
    if ($requestedAction === '') {
        // output() terminates the script, so nothing below runs for an empty action.
        $this->output('noAction');
    }
    $this->validateAuthenticationAction($requestedAction);

    $handlerClass = 'TYPO3\\CMS\\Install\\Controller\\Action\\Ajax\\' . ucfirst($requestedAction);
    $handler = GeneralUtility::makeInstance($handlerClass);
    if (!($handler instanceof Action\ActionInterface)) {
        throw new Exception($requestedAction . ' does not implement ActionInterface', 1369474308);
    }

    // Configure the handler in the same order as before: controller, action, token, post data.
    $handler->setController('ajax');
    $handler->setAction($requestedAction);
    $handler->setToken($this->generateTokenForAction($requestedAction));
    $handler->setPostValues($this->getPostValues());

    $this->output($handler->handle());
}
154 
/**
 * Send $content as the complete response and terminate the script.
 *
 * The body is echoed verbatim; any encoding is the caller's job. The
 * response is labelled application/json, yet callers in this class also
 * pass bare markers such as 'unauthorized' and 'noAction'
 * -- NOTE(review): confirm the client does not expect valid JSON for those.
 *
 * @param string $content Response body
 */
protected function output($content = '')
{
    // Discard whatever is sitting in the output buffer so only $content is sent.
    // NOTE(review): ob_clean() expects an active output buffer -- verify where buffering starts.
    ob_clean();

    $responseHeaders = [
        'Content-Type: application/json; charset=utf-8',
        // Keep intermediaries and the browser from caching install tool responses.
        'Cache-Control: no-cache, must-revalidate',
        'Pragma: no-cache',
    ];
    foreach ($responseHeaders as $headerLine) {
        header($headerLine);
    }

    echo $content;
    exit;
}
170 }