[BUGFIX] Fix PHP warnings on fe_user log out
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2007-2013 Benjamin Mack
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the text file GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27
28 /**
29 * AJAX dispatcher
30 *
31 * @author Benjamin Mack <mack@xnos.org>
32 */
33
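// Set before init.php is loaded.
// NOTE(review): presumably read by the bootstrap to detect AJAX context - confirm in init.php.
$TYPO3_AJAX = TRUE;

// Allow-list of ajaxIDs that may be dispatched without a valid backend user.
// Every entry is reachable before authentication, so the list should stay
// limited to the login workflow itself.
$noUserAjaxIDs = array(
    'BackendLogin::login',
    'BackendLogin::logout',
    'BackendLogin::refreshLogin',
    'BackendLogin::isTimedOut',
    'BackendLogin::getChallenge'
);

// Read the requested ajaxID; POST takes precedence over GET. Both sources are
// checked with isset() so a request without the parameter raises no
// undefined-index notice and simply leaves $ajaxID as NULL.
$ajaxID = NULL;
if (isset($_POST['ajaxID'])) {
    $ajaxID = $_POST['ajaxID'];
} elseif (isset($_GET['ajaxID'])) {
    $ajaxID = $_GET['ajaxID'];
}
if ($ajaxID !== NULL) {
    // The parameter is request-controlled and may arrive as an array
    // (ajaxID[]=...). An array can never name a registered handler, so it is
    // collapsed to '' instead of being handed to stripslashes().
    $ajaxID = is_string($ajaxID) ? stripslashes($ajaxID) : '';
}

// Only an exact, type-strict match against the allow-list lifts the
// "backend user required" rule. The decision is taken on request input before
// the bootstrap runs, hence no loose comparison here.
// NOTE(review): the meaning of the value 2 is defined by init.php, not visible here.
if (in_array($ajaxID, $noUserAjaxIDs, TRUE)) {
    define('TYPO3_PROCEED_IF_NO_USER', 2);
}

// Must come after the define() above so the bootstrap can see the constant.
require __DIR__ . '/init.php';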
57
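// Resolve the handler registered for this ajaxID. Only the lookup key comes
// from the request; the callback itself is taken from the configuration
// registry, so an unregistered ajaxID resolves to no callback at all.
$ajaxScript = NULL;
$csrfTokenCheck = FALSE;
$ajaxRegistryEntry = isset($GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID]) ? $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxID] : NULL;
if (is_array($ajaxRegistryEntry)) {
    if (isset($ajaxRegistryEntry['callbackMethod'])) {
        $ajaxScript = $ajaxRegistryEntry['callbackMethod'];
        // Read the flag without raising an undefined-index notice when the
        // key is absent. A missing key still means "no token check", as before.
        // NOTE(review): CSRF protection is therefore opt-in per registration;
        // state-changing handlers should be audited for an explicit TRUE here.
        $csrfTokenCheck = !empty($ajaxRegistryEntry['csrfTokenCheck']);
    }
} elseif ($ajaxRegistryEntry !== NULL) {
    // @Deprecated since 6.2 will be removed two versions later
    // Legacy registration (callback given directly instead of an array):
    // $csrfTokenCheck stays FALSE, so these handlers run without token validation.
    $ajaxScript = $ajaxRegistryEntry;
}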
73
// Create the request handler that collects the handler's output or an error
$ajaxObj = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Http\\AjaxRequestHandler', $ajaxID);
$ajaxParams = array();

// Validate the request and dispatch to the registered callback.
// NOTE(review): $ajaxID is request-controlled and is concatenated into the
// error messages below; confirm that AjaxRequestHandler encodes it for the
// content type it finally emits.
if (empty($ajaxID)) {
    $ajaxObj->setError('No valid ajaxID parameter given.');
} elseif (empty($ajaxScript)) {
    $ajaxObj->setError('No backend function registered for ajaxID "' . $ajaxID . '".');
} else {
    $success = TRUE;
    // The token is bound to the action 'ajaxCall' and to this ajaxID; it is
    // only validated when the registration asked for a CSRF check.
    $tokenIsValid = $csrfTokenCheck
        ? \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get()->validateToken(
            \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('ajaxToken'),
            'ajaxCall',
            $ajaxID
        )
        : TRUE;
    if (!$tokenIsValid) {
        // Rejected: the callback is never invoked and $success stays TRUE,
        // so only the CSRF error is reported.
        $ajaxObj->setError('Invalid CSRF token detected for ajaxID "' . $ajaxID . '"!');
    } else {
        // This script runs in global scope: drop the dispatcher's temporaries
        // before handing control to the callback.
        unset($csrfTokenCheck, $ajaxRegistryEntry, $tokenIsValid, $success);
        $success = \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($ajaxScript, $ajaxParams, $ajaxObj, FALSE, TRUE);
    }
    if ($success === FALSE) {
        $ajaxObj->setError('Registered backend function for ajaxID "' . $ajaxID . '" was not found.');
    }
}

// Outputting the content (and setting the X-JSON-Header)
$ajaxObj->render();