[TASK] Re-work/simplify copyright header in PHP files - Part 2
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / Controller / AjaxController.php
1 <?php
2 namespace TYPO3\CMS\Install\Controller;
3
4 /**
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
/**
 * Ajax controller of the install tool.
 *
 * Every request passes the access checks in execute() before an action
 * is dispatched. A failed check answers through output(), which ends the
 * script, so no later step runs for that request.
 */
class AjaxController extends AbstractController {

    /**
     * Body sent whenever a request is rejected by one of the access checks.
     *
     * @var string
     */
    protected $unauthorized = 'unauthorized';

    /**
     * Action names that may be dispatched once the request is authenticated.
     *
     * dispatchAuthenticationActions() turns the action name into a class name,
     * so this list should stay a closed set of known actions.
     * NOTE(review): the check against this list is presumably done by
     * validateAuthenticationAction() in the parent class - confirm there.
     *
     * @var array
     */
    protected $authenticationActions = array(
        'extensionCompatibilityTester',
        'uninstallExtension',
        'clearCache',
        'coreUpdateUpdateVersionMatrix',
        'coreUpdateIsUpdateAvailable',
        'coreUpdateCheckPreConditions',
        'coreUpdateDownload',
        'coreUpdateVerifyChecksum',
        'coreUpdateUnpack',
        'coreUpdateMove',
        'coreUpdateActivate',
        'folderStatus',
        'environmentStatus',
    );

    /**
     * Main entry point: bootstrap, run the access checks, dispatch the action.
     *
     * @return void
     */
    public function execute() {
        $this->loadBaseExtensions();
        $this->initializeObjectManager();

        // Warning: Order of these methods is security relevant and interferes with different access
        // conditions (new/existing installation). See the single method comments for details.
        // Do not reorder, merge or skip any of these calls: dispatching must stay last, behind
        // the enabled-check, the password-check and all session checks.
        $this->outputInstallToolNotEnabledMessageIfNeeded();
        $this->checkInstallToolPasswordNotSet();
        $this->initializeSession();
        $this->checkSessionToken();
        $this->checkSessionLifetime();
        $this->checkLogin();
        $this->dispatchAuthenticationActions();
    }

    /**
     * Reject the request if the install tool is not enabled.
     *
     * @return void
     */
    protected function outputInstallToolNotEnabledMessageIfNeeded() {
        if ($this->isInstallToolAvailable()) {
            return;
        }
        $this->output($this->unauthorized);
    }

    /**
     * Reject the request if no install tool password is configured.
     *
     * empty() also treats a missing configuration key as "not set".
     *
     * @return void
     */
    protected function checkInstallToolPasswordNotSet() {
        $passwordIsConfigured = !empty($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']);
        if ($passwordIsConfigured) {
            return;
        }
        $this->output($this->unauthorized);
    }

    /**
     * Reject the request if the session is not authorized, otherwise refresh the session.
     *
     * @return void
     */
    protected function checkLogin() {
        if ($this->session->isAuthorized()) {
            $this->session->refreshSession();
        } else {
            $this->output($this->unauthorized);
        }
    }

    /**
     * Overrides the parent's handler for the session token check.
     *
     * A failed token check is answered with the "unauthorized" body.
     *
     * @param boolean $tokenOk Result of the token check
     * @return void
     */
    protected function handleSessionTokenCheck($tokenOk) {
        if ($tokenOk) {
            return;
        }
        $this->output($this->unauthorized);
    }

    /**
     * Overrides the parent's handler for an expired session.
     *
     * An expired session is answered with the "unauthorized" body.
     *
     * @return void
     */
    protected function handleSessionLifeTimeExpired() {
        $this->output($this->unauthorized);
    }

    /**
     * Call an action that needs authentication and send its result.
     *
     * The result of the action's handle() call is passed to output(), which
     * ends the script; this method does not return a value to its caller.
     *
     * @throws Exception If the resolved object does not implement ActionInterface
     * @return void
     */
    protected function dispatchAuthenticationActions() {
        $requestedAction = $this->getAction();
        if ($requestedAction === '') {
            $this->output('noAction');
        }

        // The action name must be validated before it is used to build a class name below.
        $this->validateAuthenticationAction($requestedAction);

        $className = 'TYPO3\\CMS\\Install\\Controller\\Action\\Ajax\\' . ucfirst($requestedAction);
        /** @var \TYPO3\CMS\Install\Controller\Action\ActionInterface $handler */
        $handler = $this->objectManager->get($className);
        $implementsInterface = $handler instanceof Action\ActionInterface;
        if (!$implementsInterface) {
            throw new Exception($requestedAction . ' does not implement ActionInterface', 1369474308);
        }

        $handler->setController('ajax');
        $handler->setAction($requestedAction);
        $handler->setToken($this->generateTokenForAction($requestedAction));
        $handler->setPostValues($this->getPostValues());

        $this->output($handler->handle());
    }

    /**
     * Output content.
     * WARNING: This exits the script execution!
     *
     * The response is declared as JSON and marked as not cacheable.
     * NOTE(review): the values this class passes itself ('unauthorized',
     * 'noAction') are sent as bare strings, not as JSON documents, so a
     * client has to compare the raw body - confirm against the caller.
     *
     * @param string $content JSON encoded content to output
     */
    protected function output($content = '') {
        // Drop anything already in the output buffer so only $content is sent.
        ob_clean();

        $responseHeaders = array(
            'Content-Type: application/json; charset=utf-8',
            'Cache-Control: no-cache, must-revalidate',
            'Pragma: no-cache',
        );
        foreach ($responseHeaders as $headerLine) {
            header($headerLine);
        }

        echo $content;
        exit;
    }
}