[TASK] Update to latest class alias loader version
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Http / Application.php
index 1b9a976..b7e5d49 100644 (file)
@@ -50,7 +50,7 @@ class Application implements ApplicationInterface {
        /**
         * Constructor setting up legacy constant and register available Request Handlers
         *
-        * @param \Composer\Autoload\ClassLoader|\Helhum\ClassAliasLoader\Composer\ClassAliasLoader $classLoader an instance of the class loader
+        * @param \Composer\Autoload\ClassLoader $classLoader an instance of the class loader
         */
        public function __construct($classLoader) {
                $this->defineLegacyConstants();
@@ -75,6 +75,8 @@ class Application implements ApplicationInterface {
                // see below when this option is set
                if ($GLOBALS['TYPO3_AJAX']) {
                        $this->request = $this->request->withAttribute('isAjaxRequest', TRUE);
+               } elseif (isset($this->request->getQueryParams()['M'])) {
+                       $this->request = $this->request->withAttribute('isModuleRequest', TRUE);
                }
 
                $this->bootstrap->configure();
@@ -112,11 +114,12 @@ class Application implements ApplicationInterface {
        protected function defineAdditionalEntryPointRelatedConstants() {
                $currentScript = GeneralUtility::getIndpEnv('SCRIPT_NAME');
 
-               // activate "AJAX" handler when called with the GET variable ajaxID
-               if (GeneralUtility::_GET('ajaxID') !== NULL) {
+               // Activate "AJAX" handler when called with the GET variable ajaxID
+               if (!empty(GeneralUtility::_GET('ajaxID'))) {
                        $GLOBALS['TYPO3_AJAX'] = TRUE;
-               } elseif (substr($currentScript, -16) === '/typo3/index.php') {
-                       // allow backend login to work
+               // The following check is security relevant! DO NOT REMOVE!
+               } elseif (empty(GeneralUtility::_GET('M')) && substr($currentScript, -16) === '/typo3/index.php') {
+                       // Allow backend login to work, disallow module access without authenticated backend user
                        define('TYPO3_PROCEED_IF_NO_USER', 1);
                }
        }