[TASK] Use GeneralUtility::quoteJSvalue() where needed part 1
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / BackendModuleRequestHandler.php
1 <?php
2 namespace TYPO3\CMS\Backend;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
18 use TYPO3\CMS\Core\Core\Bootstrap;
19 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
20 use TYPO3\CMS\Core\Exception;
21 use TYPO3\CMS\Core\Utility\GeneralUtility;
22 use TYPO3\CMS\Extbase\Object\ObjectManager;
23
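/**
 * Handles the request for backend modules and wizards.
 *
 * The module to run is selected by the request-controlled GET parameter "M".
 * handleRequest() validates the CSRF module token before that name is used for
 * any lookup in the module registry or for loading module code.
 */
class BackendModuleRequestHandler implements \TYPO3\CMS\Core\Core\RequestHandlerInterface {

	/**
	 * @var Bootstrap
	 */
	protected $bootstrap;

	/**
	 * Copy of $GLOBALS['TBE_MODULES'], taken in handleRequest(). The keys read by
	 * this class are '_PATHS', '_dispatcher' and '_configuration'.
	 *
	 * @var array
	 */
	protected $moduleRegistry = array();

	/**
	 * Copy of $GLOBALS['BE_USER'], taken in handleRequest() after the token check.
	 *
	 * @var BackendUserAuthentication
	 */
	protected $backendUserAuthentication;

	/**
	 * @param Bootstrap $bootstrap The TYPO3 core bootstrap
	 */
	public function __construct(Bootstrap $bootstrap) {
		$this->bootstrap = $bootstrap;
	}

	/**
	 * Handles the request, evaluating the configuration and executes the module accordingly
	 *
	 * Order matters: the bootstrap runs first, then the CSRF token is validated, and only
	 * afterwards is the requested module resolved and executed.
	 *
	 * @throws Exception if the module token is missing or invalid, or if no module could be found
	 */
	public function handleRequest() {
		$this->boot();

		$this->moduleRegistry = $GLOBALS['TBE_MODULES'];

		// Reject the request before any module code is looked up or loaded.
		if (!$this->isValidModuleRequest()) {
			throw new Exception('The CSRF protection token for the requested module is missing or invalid', 1417988921);
		}

		// Set to empty as it is not needed / always coming from typo3/mod.php
		$GLOBALS['BACK_PATH'] = '';

		$this->backendUserAuthentication = $GLOBALS['BE_USER'];

		$moduleName = (string)GeneralUtility::_GET('M');
		if ($this->isDispatchedModule($moduleName)) {
			$isDispatched = $this->dispatchModule($moduleName);
		} else {
			$isDispatched = $this->callTraditionalModule($moduleName);
		}
		if ($isDispatched === FALSE) {
			// $moduleName is request-controlled and goes into the message unchanged:
			// whatever renders or logs this exception has to escape it for its output context.
			throw new Exception('No module "' . $moduleName . '" could be found.', 1294585070);
		}
	}

	/**
	 * Execute TYPO3 bootstrap
	 *
	 * Runs the bootstrap steps for a backend module request as one fluent chain, in the
	 * order listed. The "...OrDie" / "...AndRedirect..." steps come before the backend
	 * user is initialized.
	 */
	protected function boot() {
		$this->bootstrap->checkLockedBackendAndRedirectOrDie()
			->checkBackendIpOrDie()
			->checkSslBackendAndRedirectIfNeeded()
			->checkValidBrowserOrDie()
			->loadExtensionTables(TRUE)
			->initializeSpriteManager()
			->initializeBackendUser()
			->initializeBackendAuthentication()
			->initializeLanguageObject()
			->initializeBackendTemplate()
			->endOutputBufferingAndCleanPreviousOutput()
			->initializeOutputCompression()
			->sendHttpHeaders();
	}

	/**
	 * This request handler can handle any backend request coming from mod.php
	 *
	 * @return bool TRUE for a backend request type that carries a non-empty GET parameter "M"
	 */
	public function canHandleRequest() {
		return (TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_BE) && !empty((string)GeneralUtility::_GET('M'));
	}

	/**
	 * Checks the CSRF protection token of the module request.
	 *
	 * The token is read from the "moduleToken" parameter via _GP() and validated against
	 * the form name "moduleCall" together with the requested module name, so a token
	 * issued for one module is not checked against another module's name.
	 * NOTE(review): _GP() also accepts the token from the query string, where it can end
	 * up in logs and referrers - confirm this is acceptable for the deployment.
	 *
	 * @return bool TRUE if the token is valid for the requested module
	 */
	protected function isValidModuleRequest() {
		return $this->getFormProtection()->validateToken((string)GeneralUtility::_GP('moduleToken'), 'moduleCall', (string)GeneralUtility::_GET('M'));
	}

	/**
	 * A dispatched module, currently only Extbase modules are dispatched,
	 * traditional modules have a module path set.
	 *
	 * A name that is not registered at all has no path either, so it is treated as
	 * dispatched and rejected later when no dispatcher accepts it.
	 *
	 * @param string $moduleName
	 * @return bool TRUE if no path is registered for the module
	 */
	protected function isDispatchedModule($moduleName) {
		return empty($this->moduleRegistry['_PATHS'][$moduleName]);
	}

	/**
	 * Executes the module dispatcher which calls the module appropriately.
	 * Currently only used by Extbase
	 *
	 * Each registered dispatcher is asked in registration order; the first one whose
	 * callModule() returns TRUE ends the search.
	 *
	 * @param string $moduleName
	 * @return bool TRUE if a dispatcher handled the module, FALSE otherwise
	 */
	protected function dispatchModule($moduleName) {
		// isset() first: a registry without a '_dispatcher' entry is not an error, just "nothing to dispatch".
		if (isset($this->moduleRegistry['_dispatcher']) && is_array($this->moduleRegistry['_dispatcher'])) {
			foreach ($this->moduleRegistry['_dispatcher'] as $dispatcherClassName) {
				$dispatcher = GeneralUtility::makeInstance(ObjectManager::class)->get($dispatcherClassName);
				if ($dispatcher->callModule($moduleName) === TRUE) {
					return TRUE;
				}
			}
		}
		return FALSE;
	}

	/**
	 * Calls traditional modules which are identified by having a index.php in their directory
	 * and were previously located within the global scope.
	 *
	 * The file that gets required is built from the registered module path, never from the
	 * request text itself: the request only selects which registry entry is used.
	 *
	 * @param string $moduleName
	 * @return bool TRUE if the module's index.php was found and executed, FALSE otherwise
	 */
	protected function callTraditionalModule($moduleName) {
		$moduleBasePath = $this->moduleRegistry['_PATHS'][$moduleName];
		$GLOBALS['MCONF'] = $moduleConfiguration = $this->getModuleConfiguration($moduleName);
		if (!empty($moduleConfiguration['access'])) {
			// The return value is not inspected here, so denying access relies on modAccess()
			// stopping the request itself. NOTE(review): TRUE is presumably the exit-on-error flag - confirm.
			$this->backendUserAuthentication->modAccess($moduleConfiguration, TRUE);
		}
		if (file_exists($moduleBasePath . 'index.php')) {
			// index.php runs in this method's scope; declaring $SOBE global keeps it a global for the module.
			global $SOBE;
			require $moduleBasePath . 'index.php';
			return TRUE;
		}
		return FALSE;
	}

	/**
	 * Returns the module configuration which is either provided in a conf.php file
	 * or during module registration
	 *
	 * An empty array is returned when neither source provides a configuration, so callers
	 * always receive the documented array type.
	 *
	 * @param string $moduleName
	 * @return array
	 */
	protected function getModuleConfiguration($moduleName) {
		$moduleBasePath = $this->moduleRegistry['_PATHS'][$moduleName];
		if (file_exists($moduleBasePath . 'conf.php')) {
			// Some modules still rely on this global configuration array in a conf.php file
			require $moduleBasePath . 'conf.php';
			// conf.php is executed in this method's scope and is expected to define $MCONF;
			// fall back to an empty configuration if it does not.
			$moduleConfiguration = isset($MCONF) ? $MCONF : array();
		} else {
			$moduleConfiguration = isset($this->moduleRegistry['_configuration'][$moduleName])
				? $this->moduleRegistry['_configuration'][$moduleName]
				: array();
		}
		return $moduleConfiguration;
	}


	/**
	 * Returns the priority - how eager the handler is to actually handle the request.
	 *
	 * @return int The priority of the request handler.
	 */
	public function getPriority() {
		return 90;
	}

	/**
	 * Wrapper method for static form protection utility
	 *
	 * @return \TYPO3\CMS\Core\FormProtection\AbstractFormProtection
	 */
	protected function getFormProtection() {
		return FormProtectionFactory::get();
	}

}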