projects / Packages / TYPO3.CMS.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[BUGFIX] ext:install Better error handling in first folder step
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / Controller / AjaxController.php
1 <?php
2 namespace TYPO3\CMS\Install\Controller;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2013 Susanne Moog <typo3@susannemoog.de>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
30 /**
31 * Install tool ajax controller, handles ajax requests
32 *
33 */
34 class AjaxController extends AbstractController {
35
36 /**
37 * @var string
38 */
39 protected $unauthorized = 'unauthorized';
40
41 /**
42 * @var array List of valid action names that need authentication
43 */
44 protected $authenticationActions = array(
45 'extensionCompatibilityTester',
46 'uninstallExtension',
47 'clearCache'
48 );
49
50 /**
51 * Main entry point
52 *
53 * @return void
54 */
55 public function execute() {
56 $this->loadBaseExtensions();
57 $this->initializeObjectManager();
58 // Warning: Order of these methods is security relevant and interferes with different access
59 // conditions (new/existing installation). See the single method comments for details.
60 $this->checkInstallToolEnabled();
61 $this->checkInstallToolPasswordNotSet();
62 $this->initializeSession();
63 $this->checkSessionToken();
64 $this->checkSessionLifetime();
65 $this->checkLogin();
66 $this->dispatchAuthenticationActions();
67 }
68
69 /**
70 * Check whether the install tool is enabled
71 *
72 * @return void
73 */
74 protected function checkInstallToolEnabled() {
75 if (is_dir(PATH_typo3conf)) {
76 /** @var \TYPO3\CMS\Install\Service\EnableFileService $installToolEnableService */
77 $installToolEnableService = $this->objectManager->get('TYPO3\\CMS\\Install\\Service\\EnableFileService');
78 if (!$installToolEnableService->checkInstallToolEnableFile()) {
79 $this->output($this->unauthorized);
80 }
81 }
82 }
83
84 /**
85 * Check if the install tool password is set
86 *
87 * @return void
88 */
89 protected function checkInstallToolPasswordNotSet() {
90 if (empty($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'])) {
91 $this->output($this->unauthorized);
92 }
93 }
94
95 /**
96 * Check login status
97 *
98 * @return void
99 */
100 protected function checkLogin() {
101 if (!$this->session->isAuthorized()) {
102 $this->output($this->unauthorized);
103 } else {
104 $this->session->refreshSession();
105 }
106 }
107
108 /**
109 * Overwrites abstract method
110 * In contrast to abstract method, a response "you are not authorized is outputted"
111 *
112 * @param boolean $tokenOk
113 * @return void
114 */
115 protected function handleSessionTokenCheck($tokenOk) {
116 if (!$tokenOk) {
117 $this->output($this->unauthorized);
118 }
119 }
120
121 /**
122 * Overwrites abstract method
123 * In contrast to abstract method, a response "you are not authorized is outputted"
124 *
125 * @return void
126 */
127 protected function handleSessionLifeTimeExpired() {
128 $this->output($this->unauthorized);
129 }
130
131 /**
132 * Call an action that needs authentication
133 *
134 * @throws Exception
135 * @return string Rendered content
136 */
137 protected function dispatchAuthenticationActions() {
138 $action = $this->getAction();
139 if ($action === '') {
140 $this->output('noAction');
141 }
142 $this->validateAuthenticationAction($action);
143 $actionClass = ucfirst($action);
144 /** @var \TYPO3\CMS\Install\Controller\Action\ActionInterface $toolAction */
145 $toolAction = $this->objectManager->get('TYPO3\\CMS\\Install\\Controller\\Action\\Ajax\\' . $actionClass);
146 if (!($toolAction instanceof \TYPO3\CMS\Install\Controller\Action\ActionInterface)) {
147 throw new Exception(
148 $action . ' does not implement ActionInterface',
149 1369474308
150 );
151 }
152 $toolAction->setController('ajax');
153 $toolAction->setAction($action);
154 $toolAction->setToken($this->generateTokenForAction($action));
155 $toolAction->setPostValues($this->getPostValues());
156 $this->output($toolAction->handle());
157 }
158
159 /**
160 * Output content.
161 * WARNING: This exits the script execution!
162 *
163 * @param string $content Content to output
164 */
165 protected function output($content = '') {
166 header('Content-Type: text/html; charset=utf-8');
167 header('Cache-Control: no-cache, must-revalidate');
168 header('Pragma: no-cache');
169 echo $content;
170 die;
171 }
172 }
173 ?>
TYPO3 CMS Core Development