[TASK] Update to latest class alias loader version
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Http / Application.php
index 01ebd90..b7e5d49 100644 (file)
@@ -15,7 +15,7 @@ namespace TYPO3\CMS\Backend\Http;
  */
 use TYPO3\CMS\Core\Core\ApplicationInterface;
 use TYPO3\CMS\Core\Core\Bootstrap;
-
+use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
  * Entry point for the TYPO3 Backend (HTTP requests)
@@ -33,6 +33,11 @@ class Application implements ApplicationInterface {
        protected $entryPointPath = 'typo3/';
 
        /**
+        * @var \Psr\Http\Message\ServerRequestInterface
+        */
+       protected $request;
+
+       /**
         * All available request handlers that can handle backend requests (non-CLI)
         * @var array
         */
@@ -45,7 +50,7 @@ class Application implements ApplicationInterface {
        /**
         * Constructor setting up legacy constant and register available Request Handlers
         *
-        * @param \Composer\Autoload\ClassLoader|\Helhum\ClassAliasLoader\Composer\ClassAliasLoader $classLoader an instance of the class loader
+        * @param \Composer\Autoload\ClassLoader $classLoader an instance of the class loader
         */
        public function __construct($classLoader) {
                $this->defineLegacyConstants();
@@ -65,6 +70,16 @@ class Application implements ApplicationInterface {
                foreach ($this->availableRequestHandlers as $requestHandler) {
                        $this->bootstrap->registerRequestHandlerImplementation($requestHandler);
                }
+
+               $this->request = \TYPO3\CMS\Core\Http\ServerRequestFactory::fromGlobals();
+               // see below when this option is set
+               if ($GLOBALS['TYPO3_AJAX']) {
+                       $this->request = $this->request->withAttribute('isAjaxRequest', TRUE);
+               } elseif (isset($this->request->getQueryParams()['M'])) {
+                       $this->request = $this->request->withAttribute('isModuleRequest', TRUE);
+               }
+
+               $this->bootstrap->configure();
        }
 
        /**
@@ -74,7 +89,7 @@ class Application implements ApplicationInterface {
         * @return void
         */
        public function run(callable $execute = NULL) {
-               $this->bootstrap->run();
+               $this->bootstrap->handleRequest($this->request);
 
                if ($execute !== NULL) {
                        if ($execute instanceof \Closure) {
@@ -97,14 +112,14 @@ class Application implements ApplicationInterface {
         * Define values that are based on the current script
         */
        protected function defineAdditionalEntryPointRelatedConstants() {
-               $currentScript = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('SCRIPT_NAME');
+               $currentScript = GeneralUtility::getIndpEnv('SCRIPT_NAME');
 
-               // activate "AJAX" handler when called via ajax.php
-               if (substr($currentScript, -15) === '/typo3/ajax.php') {
+               // Activate "AJAX" handler when called with the GET variable ajaxID
+               if (!empty(GeneralUtility::_GET('ajaxID'))) {
                        $GLOBALS['TYPO3_AJAX'] = TRUE;
-               }
-               // allow backend login to work
-               if (substr($currentScript, -16) === '/typo3/index.php') {
+               // The following check is security relevant! DO NOT REMOVE!
+               } elseif (empty(GeneralUtility::_GET('M')) && substr($currentScript, -16) === '/typo3/index.php') {
+                       // Allow backend login to work, disallow module access without authenticated backend user
                        define('TYPO3_PROCEED_IF_NO_USER', 1);
                }
        }