* All rights reserved * * This script is part of the TYPO3 project. The TYPO3 project is * free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * The GNU General Public License can be found at * http://www.gnu.org/copyleft/gpl.html. * A copy is found in the textfile GPL.txt and important notices to the license * from the author is found in LICENSE.txt distributed with these scripts. * * * This script is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * This copyright notice MUST APPEAR in all copies of the script! ***************************************************************/ /** * Install tool ajax controller, handles ajax requests * */ class AjaxController extends AbstractController { /** * @var string */ protected $unauthorized = 'unauthorized'; /** * @var array List of valid action names that need authentication */ protected $authenticationActions = array( 'extensionCompatibilityTester', 'uninstallExtension', 'clearCache' ); /** * Main entry point * * @return void */ public function execute() { $this->loadBaseExtensions(); $this->initializeObjectManager(); // Warning: Order of these methods is security relevant and interferes with different access // conditions (new/existing installation). See the single method comments for details. $this->checkInstallToolEnabled(); $this->checkInstallToolPasswordNotSet(); $this->initializeSession(); $this->checkSessionToken(); $this->checkSessionLifetime(); $this->checkLogin(); $this->dispatchAuthenticationActions(); } /** * Check whether the install tool is enabled * * @return void */ protected function checkInstallToolEnabled() { if (is_dir(PATH_typo3conf)) { /** @var \TYPO3\CMS\Install\Service\EnableFileService $installToolEnableService */ $installToolEnableService = $this->objectManager->get('TYPO3\\CMS\\Install\\Service\\EnableFileService'); if (!$installToolEnableService->checkInstallToolEnableFile()) { $this->output($this->unauthorized); } } } /** * Check if the install tool password is set * * @return void */ protected function checkInstallToolPasswordNotSet() { if (empty($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'])) { $this->output($this->unauthorized); } } /** * Check login status * * @return void */ protected function checkLogin() { if (!$this->session->isAuthorized()) { $this->output($this->unauthorized); } else { $this->session->refreshSession(); } } /** * Overwrites abstract method * In contrast to abstract method, a response "you are not authorized is outputted" * * @param boolean $tokenOk * @return void */ protected function handleSessionTokenCheck($tokenOk) { if (!$tokenOk) { $this->output($this->unauthorized); } } /** * Overwrites abstract method * In contrast to abstract method, a response "you are not authorized is outputted" * * @return void */ protected function handleSessionLifeTimeExpired() { $this->output($this->unauthorized); } /** * Call an action that needs authentication * * @throws Exception * @return string Rendered content */ protected function dispatchAuthenticationActions() { $action = $this->getAction(); if ($action === '') { $this->output('noAction'); } $this->validateAuthenticationAction($action); $actionClass = ucfirst($action); /** @var \TYPO3\CMS\Install\Controller\Action\ActionInterface $toolAction */ $toolAction = $this->objectManager->get('TYPO3\\CMS\\Install\\Controller\\Action\\Ajax\\' . $actionClass); if (!($toolAction instanceof \TYPO3\CMS\Install\Controller\Action\ActionInterface)) { throw new Exception( $action . ' does not implement ActionInterface', 1369474308 ); } $toolAction->setController('ajax'); $toolAction->setAction($action); $toolAction->setToken($this->generateTokenForAction($action)); $toolAction->setPostValues($this->getPostValues()); $this->output($toolAction->handle()); } /** * Output content. * WARNING: This exits the script execution! * * @param string $content Content to output */ protected function output($content = '') { header('Content-Type: text/html; charset=utf-8'); header('Cache-Control: no-cache, must-revalidate'); header('Pragma: no-cache'); echo $content; die; } } ?>