[FEATURE] ext:install Verify checksum of downloaded core
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / Controller / AjaxController.php
1 <?php
2 namespace TYPO3\CMS\Install\Controller;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2013 Susanne Moog <typo3@susannemoog.de>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
30 /**
31 * Install tool ajax controller, handles ajax requests
32 *
33 */
class AjaxController extends AbstractController {

    /**
     * Payload sent through output() by every failed access check in this class.
     *
     * @var string
     */
    protected $unauthorized = 'unauthorized';

    /**
     * Names of the ajax actions that require an authenticated session.
     *
     * dispatchAuthenticationActions() builds a class name below the
     * Action\Ajax namespace from the requested name, so each entry added
     * here makes one more class reachable through this controller.
     * NOTE(review): the list is presumably enforced by
     * validateAuthenticationAction() in the parent class, which is not part
     * of this file - confirm.
     *
     * @var array
     */
    protected $authenticationActions = array(
        'extensionCompatibilityTester',
        'uninstallExtension',
        'clearCache',
        'coreUpdateUpdateVersionMatrix',
        'coreUpdateIsUpdateAvailable',
        'coreUpdateCheckPreConditions',
        'coreUpdateDownload',
        'coreUpdateVerifyChecksum',
        'coreUpdateUnpack',
        'coreUpdateMove',
        'coreUpdateActivate',
    );

    /**
     * Entry point of an install tool ajax request: bootstrap, run the access
     * checks, then dispatch the requested action.
     *
     * @return void
     */
    public function execute() {
        $this->loadBaseExtensions();
        $this->initializeObjectManager();
        // Warning: the order of the calls below is security relevant and must not be changed.
        // The checks interact differently for new and existing installations, see the comment
        // on each method. Every check defined in this class answers a failure through output(),
        // which stops the script, so the dispatch at the end only runs when none of them fired.
        // NOTE(review): checkSessionToken() and checkSessionLifetime() are inherited; presumably
        // they report through handleSessionTokenCheck() / handleSessionLifeTimeExpired() - confirm.
        $this->checkInstallToolEnabled();
        $this->checkInstallToolPasswordNotSet();
        $this->initializeSession();
        $this->checkSessionToken();
        $this->checkSessionLifetime();
        $this->checkLogin();
        $this->dispatchAuthenticationActions();
    }

    /**
     * Reject the request when the install tool enable file check fails.
     *
     * The check only runs if the typo3conf directory exists. When it does
     * not, this gate passes without any test and the remaining checks in
     * execute() decide about access.
     *
     * @return void
     */
    protected function checkInstallToolEnabled() {
        if (!is_dir(PATH_typo3conf)) {
            // NOTE(review): presumably the "new installation" case - confirm.
            return;
        }
        /** @var \TYPO3\CMS\Install\Service\EnableFileService $enableFileService */
        $enableFileService = $this->objectManager->get('TYPO3\\CMS\\Install\\Service\\EnableFileService');
        if (!$enableFileService->checkInstallToolEnableFile()) {
            $this->output($this->unauthorized);
        }
    }

    /**
     * Reject the request when no install tool password is configured.
     *
     * @return void
     */
    protected function checkInstallToolPasswordNotSet() {
        // empty() is applied to the array access itself so that a missing key raises no notice.
        $passwordConfigured = !empty($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']);
        if ($passwordConfigured) {
            return;
        }
        $this->output($this->unauthorized);
    }

    /**
     * Reject the request unless the session is authorized; refresh the
     * session when it is.
     *
     * @return void
     */
    protected function checkLogin() {
        if ($this->session->isAuthorized()) {
            $this->session->refreshSession();
            return;
        }
        $this->output($this->unauthorized);
    }

    /**
     * Override of the parent's session token handler: a failed token check
     * is answered with the 'unauthorized' response instead of the parent's
     * behaviour.
     *
     * @param boolean $tokenOk Result of the session token check
     * @return void
     */
    protected function handleSessionTokenCheck($tokenOk) {
        if ($tokenOk) {
            return;
        }
        $this->output($this->unauthorized);
    }

    /**
     * Override of the parent's session lifetime handler: an expired session
     * is answered with the 'unauthorized' response instead of the parent's
     * behaviour.
     *
     * @return void
     */
    protected function handleSessionLifeTimeExpired() {
        $this->output($this->unauthorized);
    }

    /**
     * Resolve the requested action to its handler object, hand it the
     * request context and send its result.
     *
     * The handler class name is derived from the action name taken from the
     * request, so validateAuthenticationAction() has to run before the
     * object manager is asked for the class. The method does not return a
     * value: it ends in output(), which stops the script.
     *
     * @throws Exception Unqualified, so this is the Exception class of this
     *                   namespace (TYPO3\CMS\Install\Controller)
     * @return void
     */
    protected function dispatchAuthenticationActions() {
        $requestedAction = $this->getAction();
        if ($requestedAction === '') {
            $this->output('noAction');
        }
        $this->validateAuthenticationAction($requestedAction);
        $handlerClassName = 'TYPO3\\CMS\\Install\\Controller\\Action\\Ajax\\' . ucfirst($requestedAction);
        /** @var \TYPO3\CMS\Install\Controller\Action\ActionInterface $actionHandler */
        $actionHandler = $this->objectManager->get($handlerClassName);
        // Second line of defence: only objects that implement the action contract are executed.
        $isToolAction = $actionHandler instanceof \TYPO3\CMS\Install\Controller\Action\ActionInterface;
        if (!$isToolAction) {
            throw new Exception(
                $requestedAction . ' does not implement ActionInterface',
                1369474308
            );
        }
        $actionHandler->setController('ajax');
        $actionHandler->setAction($requestedAction);
        $actionHandler->setToken($this->generateTokenForAction($requestedAction));
        $actionHandler->setPostValues($this->getPostValues());
        $this->output($actionHandler->handle());
    }

    /**
     * Send the given content as a JSON response.
     * WARNING: This ends the script execution!
     *
     * The content is always passed through json_encode() and declared as
     * application/json; the cache headers tell clients not to cache it.
     *
     * @param string $content Content to output
     * @return void
     */
    protected function output($content = '') {
        $responseHeaders = array(
            'Content-Type: application/json; charset=utf-8',
            'Cache-Control: no-cache, must-revalidate',
            'Pragma: no-cache',
        );
        foreach ($responseHeaders as $headerLine) {
            header($headerLine);
        }
        // Encoding happens after the headers were sent, as in the original call order.
        echo json_encode($content);
        exit;
    }
}