1 <?php
2 namespace TYPO3\CMS\Install\Controller;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2013 Susanne Moog <typo3@susannemoog.de>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
/**
 * Install tool ajax controller.
 *
 * Runs the install tool access checks (see execute()) and then hands the
 * request to an action class below TYPO3\CMS\Install\Controller\Action\Ajax.
 * Responses are written by output() as JSON, after which the script ends.
 */
class AjaxController extends AbstractController {

	/**
	 * @var string Response body sent whenever one of the access checks fails
	 */
	protected $unauthorized = 'unauthorized';

	/**
	 * NOTE(review): this list is not read anywhere in this class; presumably
	 * validateAuthenticationAction() in the parent class checks the requested
	 * action against it - confirm there before relying on it as an allow-list.
	 *
	 * @var array List of valid action names that need authentication
	 */
	protected $authenticationActions = array(
		'extensionCompatibilityTester',
		'uninstallExtension',
		'clearCache',
		'coreUpdateUpdateVersionMatrix',
		'coreUpdateIsUpdateAvailable',
		'coreUpdateCheckPreConditions',
		'coreUpdateDownload',
		'coreUpdateUnpack',
		'coreUpdateMove',
		'coreUpdateActivate',
	);

	/**
	 * Main entry point: bootstrap, run the access checks, dispatch the action.
	 *
	 * The checks defined in this class report a failure through output(), which
	 * ends the script, so the dispatch at the end is only reached when none of
	 * them rejected the request. checkSessionToken() and checkSessionLifetime()
	 * are not defined here; presumably they are inherited and report through
	 * handleSessionTokenCheck() / handleSessionLifeTimeExpired() - confirm.
	 *
	 * @return void
	 */
	public function execute() {
		$this->loadBaseExtensions();
		$this->initializeObjectManager();
		// Warning: Order of these methods is security relevant and interferes with different access
		// conditions (new/existing installation). See the single method comments for details.
		// Do not reorder or drop a call without re-reading each check.
		$this->checkInstallToolEnabled();
		$this->checkInstallToolPasswordNotSet();
		$this->initializeSession();
		$this->checkSessionToken();
		$this->checkSessionLifetime();
		$this->checkLogin();
		$this->dispatchAuthenticationActions();
	}

	/**
	 * Reject the request unless the install tool enable file check passes.
	 *
	 * The check is skipped entirely when PATH_typo3conf is not a directory
	 * (presumably the new-installation case mentioned in execute() - confirm).
	 *
	 * @return void
	 */
	protected function checkInstallToolEnabled() {
		if (!is_dir(PATH_typo3conf)) {
			return;
		}
		/** @var \TYPO3\CMS\Install\Service\EnableFileService $enableFileService */
		$enableFileService = $this->objectManager->get('TYPO3\\CMS\\Install\\Service\\EnableFileService');
		$enableFilePresent = $enableFileService->checkInstallToolEnableFile();
		if (!$enableFilePresent) {
			$this->output($this->unauthorized);
		}
	}

	/**
	 * Reject the request when no install tool password is configured.
	 *
	 * Despite the method name, the request is refused when the password
	 * setting is empty; a configured password lets the request continue.
	 *
	 * @return void
	 */
	protected function checkInstallToolPasswordNotSet() {
		// empty() is applied directly to the setting so a missing key raises no notice
		$passwordMissing = empty($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']);
		if ($passwordMissing) {
			$this->output($this->unauthorized);
		}
	}

	/**
	 * Check login status: refresh an authorized session, reject anything else.
	 *
	 * @return void
	 */
	protected function checkLogin() {
		if ($this->session->isAuthorized()) {
			$this->session->refreshSession();
		} else {
			$this->output($this->unauthorized);
		}
	}

	/**
	 * Overwrites abstract method.
	 * In contrast to the abstract method, the response "unauthorized" is sent
	 * when the token check failed.
	 *
	 * @param boolean $tokenOk Result of the session token check
	 * @return void
	 */
	protected function handleSessionTokenCheck($tokenOk) {
		$tokenRejected = !$tokenOk;
		if ($tokenRejected) {
			$this->output($this->unauthorized);
		}
	}

	/**
	 * Overwrites abstract method.
	 * In contrast to the abstract method, the response "unauthorized" is sent.
	 *
	 * @return void
	 */
	protected function handleSessionLifeTimeExpired() {
		$this->output($this->unauthorized);
	}

	/**
	 * Call an action that needs authentication and send its result.
	 *
	 * Nothing is returned: the result of the action is passed to output(),
	 * which ends the script.
	 *
	 * @throws Exception If the resolved action object does not implement ActionInterface
	 * @return void
	 */
	protected function dispatchAuthenticationActions() {
		$requestedAction = $this->getAction();
		if ($requestedAction === '') {
			$this->output('noAction');
		}
		// The action name becomes part of a class name below, so it has to be
		// validated before the object manager is asked for that class.
		$this->validateAuthenticationAction($requestedAction);
		$handlerClassName = 'TYPO3\\CMS\\Install\\Controller\\Action\\Ajax\\' . ucfirst($requestedAction);
		/** @var \TYPO3\CMS\Install\Controller\Action\ActionInterface $actionHandler */
		$actionHandler = $this->objectManager->get($handlerClassName);
		$isActionHandler = $actionHandler instanceof \TYPO3\CMS\Install\Controller\Action\ActionInterface;
		if (!$isActionHandler) {
			throw new Exception(
				$requestedAction . ' does not implement ActionInterface',
				1369474308
			);
		}
		$actionHandler->setController('ajax');
		$actionHandler->setAction($requestedAction);
		$actionHandler->setToken($this->generateTokenForAction($requestedAction));
		$actionHandler->setPostValues($this->getPostValues());
		$this->output($actionHandler->handle());
	}

	/**
	 * Output content as JSON with caching disabled.
	 * WARNING: This exits the script execution!
	 *
	 * No HTTP status code is set here, so a rejected request differs from a
	 * successful one only by its body.
	 *
	 * @param string $content Content to output
	 */
	protected function output($content = '') {
		$responseHeaders = array(
			'Content-Type: application/json; charset=utf-8',
			'Cache-Control: no-cache, must-revalidate',
			'Pragma: no-cache',
		);
		foreach ($responseHeaders as $headerLine) {
			header($headerLine);
		}
		echo json_encode($content);
		exit;
	}
}