[BUGFIX] Add label for title of "Edit metadata" link
[Packages/TYPO3.CMS.git] / typo3 / ajax.php
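<?php
/**
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

/**
 * AJAX dispatcher
 *
 * Reads the "ajaxID" request parameter, looks it up in
 * $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'], validates the CSRF token when the
 * registry entry asks for it, and calls the registered callback.
 *
 * @author Benjamin Mack <mack@xnos.org>
 */

$TYPO3_AJAX = TRUE;

// Allow-list of requests that don't necessarily need a valid BE user.
// Every ID listed here is dispatched before authentication, so any addition
// widens the unauthenticated surface and should be reviewed as such.
$noUserAjaxIDs = array(
	'BackendLogin::login',
	'BackendLogin::logout',
	'BackendLogin::refreshLogin',
	'BackendLogin::isTimedOut',
	'BackendLogin::getChallenge',
	'BackendLogin::getRsaPublicKey',
);

// First get the ajaxID. POST takes precedence over GET; a request carrying
// neither leaves $ajaxID at NULL instead of reading an undefined index.
$ajaxID = NULL;
if (isset($_POST['ajaxID'])) {
	$ajaxID = $_POST['ajaxID'];
} elseif (isset($_GET['ajaxID'])) {
	$ajaxID = $_GET['ajaxID'];
}
if ($ajaxID !== NULL) {
	// The parameter is request-controlled and may arrive as an array
	// (ajaxID[]=...). Anything that is not a string becomes the empty string,
	// which is rejected below with "No valid ajaxID parameter given."
	$ajaxID = is_string($ajaxID) ? stripslashes($ajaxID) : '';
}

// If we're trying to do an ajax login, don't require a user.
// This decides whether authentication is skipped, so the comparison is strict:
// only an exact string match against the allow-list qualifies. The same
// $ajaxID value is used for the registry lookup further down.
if (in_array($ajaxID, $noUserAjaxIDs, TRUE)) {
	define('TYPO3_PROCEED_IF_NO_USER', 2);
}

require __DIR__ . '/init.php';

// Finding the script path from the registry
$ajaxRegistryEntry = isset($GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID]) ? $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID] : NULL;
$ajaxScript = NULL;
// CSRF validation is opt-in per registry entry and defaults to off.
$csrfTokenCheck = FALSE;
if ($ajaxRegistryEntry !== NULL) {
	if (is_array($ajaxRegistryEntry)) {
		if (isset($ajaxRegistryEntry['callbackMethod'])) {
			$ajaxScript = $ajaxRegistryEntry['callbackMethod'];
			// An array entry without a 'csrfTokenCheck' key is treated as
			// "no check" rather than raising an undefined-index notice.
			$csrfTokenCheck = isset($ajaxRegistryEntry['csrfTokenCheck']) ? $ajaxRegistryEntry['csrfTokenCheck'] : FALSE;
		}
	} else {
		// @Deprecated since 6.2 will be removed two versions later
		// NOTE(review): entries registered as a plain string never enable the
		// CSRF check; callbacks that change state should be registered in the
		// array form with 'csrfTokenCheck' set.
		$ajaxScript = $ajaxRegistryEntry;
	}
}

// Instantiating the AJAX object
$ajaxObj = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Http\\AjaxRequestHandler', $ajaxID);
$ajaxParams = array();

// Evaluating the arguments and calling the AJAX method/function
// NOTE(review): $ajaxID is request-controlled and is concatenated unescaped
// into the error messages below; confirm that AjaxRequestHandler encodes the
// message for the content type it renders.
if (empty($ajaxID)) {
	$ajaxObj->setError('No valid ajaxID parameter given.');
} elseif (empty($ajaxScript)) {
	$ajaxObj->setError('No backend function registered for ajaxID "' . $ajaxID . '".');
} else {
	// $success stays TRUE when the token is rejected, so only the CSRF error
	// is reported in that case.
	$success = TRUE;
	$tokenIsValid = TRUE;
	if ($csrfTokenCheck) {
		// The token is bound to the form name 'ajaxCall' and to this ajaxID.
		$tokenIsValid = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get()->validateToken(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('ajaxToken'), 'ajaxCall', $ajaxID);
	}
	if ($tokenIsValid) {
		// Cleanup global variable space
		unset($csrfTokenCheck, $ajaxRegistryEntry, $tokenIsValid, $success);
		$success = \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($ajaxScript, $ajaxParams, $ajaxObj, FALSE, TRUE);
	} else {
		$ajaxObj->setError('Invalid CSRF token detected for ajaxID "' . $ajaxID . '"!');
	}
	// A FALSE result from callUserFunction() is reported as a missing callback.
	if ($success === FALSE) {
		$ajaxObj->setError('Registered backend function for ajaxID "' . $ajaxID . '" was not found.');
	}
}

// Outputting the content (and setting the X-JSON-Header)
$ajaxObj->render();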