[SECURITY] Protect core Ajax calls against CSRF 77/27877/5
authorHelmut Hummel <helmut.hummel@typo3.org>
Wed, 26 Feb 2014 19:04:10 +0000 (20:04 +0100)
committerMarkus Klein <klein.t3@mfc-linz.at>
Fri, 28 Feb 2014 01:14:03 +0000 (02:14 +0100)
The backend ajax handlers that are directly registered
in DefaultConfiguration.php are now CSRF protected
if necessary.

Resolves: #56356
Releases: 6.2
Change-Id: Ia592f7f2b51c20326600b97d2ce10a5e5fdbfde7
Reviewed-on: https://review.typo3.org/27877
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein
17 files changed:
typo3/js/tree.js
typo3/sysext/backend/Classes/Controller/BackendController.php
typo3/sysext/backend/Classes/Form/Element/InlineElement.php
typo3/sysext/backend/Classes/Form/FormEngine.php
typo3/sysext/backend/Classes/Template/DocumentTemplate.php
typo3/sysext/backend/Classes/Toolbar/ShortcutToolbarItem.php
typo3/sysext/backend/Resources/Public/JavaScript/DragUploader.js
typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js
typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.tceforms_suggest.js
typo3/sysext/backend/Resources/Public/JavaScript/modulemenu.js
typo3/sysext/backend/Resources/Public/JavaScript/shortcutmenu.js
typo3/sysext/core/Configuration/DefaultConfiguration.php
typo3/sysext/filelist/Classes/Controller/FileListController.php
typo3/sysext/frontend/Classes/Controller/ExtDirectEidController.php
typo3/sysext/recordlist/Classes/Browser/ElementBrowser.php
typo3/sysext/rtehtmlarea/Classes/BrowseLinks.php
typo3/sysext/rtehtmlarea/Classes/SelectImage.php

index d3d21c2..1c9d2b5 100644 (file)
@@ -116,8 +116,11 @@ var DragDrop = {
 
 
 var Tree = {
-       thisScript: 'ajax.php',
        ajaxID: 'SC_alt_db_navframe::expandCollapse',   // has to be either "SC_alt_db_navframe::expandCollapse" or "SC_alt_file_navframe::expandCollapse"
+       ajaxUrls: {
+               'SC_alt_file_navframe::expandCollapse': TYPO3.settings.Tree['SC_alt_file_navframe'].ajaxUrl,
+               'SC_alt_db_navframe::expandCollapse': TYPO3.settings.Tree['SC_alt_db_navframe'].ajaxUrl
+       },
        frameSetModule: null,
        activateDragDrop: true,
        highlightClass: 'active',
@@ -133,7 +136,7 @@ var Tree = {
 
                        // fallback if AJAX is not possible (e.g. IE < 6)
                if (typeof Ajax.getTransport() !== 'object') {
-                       window.location.href = this.thisScript + '?ajaxID=' + this.ajaxID + '&PM=' + encodeURIComponent(params) + scope;
+                       window.location.href = this.ajaxUrls[this.ajaxID] + '&PM=' + encodeURIComponent(params) + scope;
                        return;
                }
 
@@ -153,10 +156,9 @@ var Tree = {
                } else {
                        obj.style.cursor = 'wait';
                }
-               
-               var call = new Ajax.Request(this.thisScript, {
+               var call = new Ajax.Request(this.ajaxUrls[this.ajaxID], {
                        method: 'get',
-                       parameters: 'ajaxID=' + this.ajaxID + '&PM=' + encodeURIComponent(params) + scope,
+                       parameters: 'PM=' + encodeURIComponent(params) + scope,
                        onComplete: function(xhr) {
                                // the parent node needs to be overwritten, not the object
                                $(obj.parentNode.parentNode).replace(xhr.responseText);
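Review bot: The new `ajaxUrls` literal at the top of `Tree` dereferences `TYPO3.settings.Tree['SC_alt_file_navframe']` and `['SC_alt_db_navframe']` while tree.js is being parsed, so any page that loads js/tree.js without first registering both inline settings now throws a TypeError at load time and loses the whole `Tree` object, where the old `thisScript: 'ajax.php'` default degraded gracefully. Resolving lazily avoids that: replace the map with `getAjaxUrl: function() { return TYPO3.settings.Tree[this.ajaxID.split('::')[0]].ajaxUrl; }` and call it at the fallback and at the `Ajax.Request` site. Both request sites also now assume the URL already carries a query string (`'&PM='` with no `?`), which holds only if `BackendUtility::getAjaxUrl()` always appends one; a one-line comment at the fallback stating that assumption would help. The URL is used bare here but prefixed with a back path in shortcutmenu.js and jsfunc.inline.js in the same commit, so whether `getAjaxUrl()` returns a path relative to the backend directory should be stated where it is consumed; the request method continues outside the hunks.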
index 7f35cb9..a272061 100644 (file)
@@ -81,6 +81,13 @@ class BackendController {
        protected $pageRenderer;
 
        /**
+        * @return \TYPO3\CMS\Core\Page\PageRenderer
+        */
+       public function getPageRenderer() {
+               return $this->pageRenderer;
+       }
+
+       /**
         * Constructor
         */
        public function __construct() {
@@ -96,6 +103,8 @@ class BackendController {
                $this->pageRenderer->enableExtJSQuickTips();
                $this->pageRenderer->addJsInlineCode('consoleOverrideWithDebugPanel', '//already done', FALSE);
                $this->pageRenderer->addExtDirectCode();
+               $this->pageRenderer->addInlineSetting('ModuleMenu.getData', 'ajaxUrl', BackendUtility::getAjaxUrl('ModuleMenu::getData'));
+               $this->pageRenderer->addInlineSetting('ModuleMenu.saveMenuState', 'ajaxUrl', BackendUtility::getAjaxUrl('ModuleMenu::saveMenuState'));
                // Add default BE javascript
                $this->js = '';
                $this->jsFiles = array(
@@ -608,10 +617,11 @@ class BackendController {
        }
 
        /**
-        * Sdds a javascript snippet to the backend
+        * Adds a javascript snippet to the backend
         *
         * @param string $javascript Javascript snippet
         * @return void
+        * @throws \InvalidArgumentException
         */
        public function addJavascript($javascript) {
                // TODO do we need more checks?
@@ -672,6 +682,7 @@ class BackendController {
         * @param string $toolbarItemName Toolbar item name, f.e. tx_toolbarExtension_coolItem
         * @param string $toolbarItemClassName Toolbar item class name, f.e. tx_toolbarExtension_coolItem
         * @return void
+        * @throws \UnexpectedValueException
         */
        public function addToolbarItem($toolbarItemName, $toolbarItemClassName) {
                $toolbarItem = GeneralUtility::makeInstance($toolbarItemClassName, $this);
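Review bot: The new public `getPageRenderer()` docblock at the top of the section carries only a `@return` and no summary line, unlike the neighbouring methods; suggest `* Returns the page renderer, e.g. so toolbar items can register inline settings.` as its first line. The two `addInlineSetting` calls in the second hunk (presumably the constructor, which continues outside the shown lines) hard-code the `ModuleMenu.*` keys that modulemenu.js reads at script-load time, so a short comment such as `// URLs (incl. CSRF token) consumed by modulemenu.js; must be emitted before the store is created` would tie the two files together for the next maintainer.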
index 0c2d896..7180605 100644 (file)
@@ -938,6 +938,7 @@ class InlineElement {
                $pageRenderer = $GLOBALS['SOBE']->doc->getPageRenderer();
                $pageRenderer->loadRequireJsModule('TYPO3/CMS/Filelist/FileListLocalisation');
                $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/DragUploader');
+               $pageRenderer->addInlineSetting('DragUploader', 'ajaxUrl', BackendUtility::getAjaxUrl('TYPO3_tcefile::process'));
                $pageRenderer->addInlineLanguagelabelFile(
                        \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('lang') . 'locallang_core.xlf',
                        'file_upload'
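Review bot: The added line calls `BackendUtility::getAjaxUrl()` unqualified, but unlike the BrowseLinks.php and SelectImage.php hunks in this commit no `use TYPO3\CMS\Backend\Utility\BackendUtility;` is added here; if the file does not already import it, the name resolves inside the `TYPO3\CMS\Backend\Form\Element` namespace and the call fatals at runtime. Please confirm the import exists here and in FileListController.php, ElementBrowser.php and DocumentTemplate.php, whose hunks likewise show no `use` change. The identical `DragUploader` setting is registered both here and in FileListController.php right after `loadRequireJsModule('TYPO3/CMS/Backend/DragUploader')`; pairing the module load and its required setting in one shared helper would keep them from drifting apart. The enclosing method continues outside the hunk.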
index bf46d2b..c01e5a6 100644 (file)
@@ -5548,8 +5548,7 @@ TBE_EDITOR.customEvalFunctions[\'' . $evalData . '\'] = function(value) {
                        if ($this->loadMD5_JS) {
                                $this->loadJavascriptLib('sysext/backend/Resources/Public/JavaScript/md5.js');
                        }
-                       /** @var $pageRenderer \TYPO3\CMS\Core\Page\PageRenderer */
-                       $pageRenderer = $GLOBALS['SOBE']->doc->getPageRenderer();
+                       $pageRenderer = $this->getPageRenderer();
                        // load the main module for FormEngine with all important JS functions
                        $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/FormEngine');
                        $pageRenderer->loadPrototype();
@@ -5584,6 +5583,10 @@ TBE_EDITOR.customEvalFunctions[\'' . $evalData . '\'] = function(value) {
                                // We want to load jQuery-ui inside our js. Enable this using requirejs.
                                $pageRenderer->loadRequireJs();
                                $this->loadJavascriptLib('sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js');
+                               $pageRenderer->addInlineSetting('TCEFORMS.Inline.setExpandedCollapsedState', 'ajaxUrl', BackendUtility::getAjaxUrl('t3lib_TCEforms_inline::setExpandedCollapsedState'));
+                               $pageRenderer->addInlineSetting('TCEFORMS.Inline.synchronizeLocalizeRecords', 'ajaxUrl', BackendUtility::getAjaxUrl('t3lib_TCEforms_inline::synchronizeLocalizeRecords'));
+                               $pageRenderer->addInlineSetting('TCEFORMS.Inline.getRecordDetails', 'ajaxUrl', BackendUtility::getAjaxUrl('t3lib_TCEforms_inline::getRecordDetails'));
+                               $pageRenderer->addInlineSetting('TCEFORMS.Inline.createNewRecord', 'ajaxUrl', BackendUtility::getAjaxUrl('t3lib_TCEforms_inline::createNewRecord'));
                                $out .= '
                                inline.setPrependFormFieldNames("' . $this->inline->prependNaming . '");
                                inline.setNoTitleString("' . addslashes(BackendUtility::getNoRecordTitle(TRUE)) . '");
@@ -5591,11 +5594,13 @@ TBE_EDITOR.customEvalFunctions[\'' . $evalData . '\'] = function(value) {
                                // Always include JS functions for Suggest fields as we don't know what will come
                                $this->loadJavascriptLib('sysext/backend/Resources/Public/JavaScript/jsfunc.tceforms_suggest.js');
                                $this->loadJavascriptLib('sysext/backend/Resources/Public/JavaScript/jsfunc.tceforms_selectboxfilter.js');
+                               $pageRenderer->addInlineSetting('TCEFORMS.Suggest', 'ajaxUrl', BackendUtility::getAjaxUrl('t3lib_TCEforms_suggest::searchRecord'));
                        } else {
                                // If Suggest fields were processed, add the JS functions
                                if ($this->suggest->suggestCount > 0) {
                                        $pageRenderer->loadScriptaculous();
                                        $this->loadJavascriptLib('sysext/backend/Resources/Public/JavaScript/jsfunc.tceforms_suggest.js');
+                                       $pageRenderer->addInlineSetting('TCEFORMS.Suggest', 'ajaxUrl', BackendUtility::getAjaxUrl('t3lib_TCEforms_suggest::searchRecord'));
                                }
                                if ($this->multiSelectFilterCount > 0) {
                                        $pageRenderer->loadScriptaculous();
@@ -5795,6 +5800,15 @@ TBE_EDITOR.customEvalFunctions[\'' . $evalData . '\'] = function(value) {
                $GLOBALS['SOBE']->doc->loadJavascriptLib($lib);
        }
 
+       /**
+        * Wrapper for access to the current page renderer object
+        *
+        * @return \TYPO3\CMS\Core\Page\PageRenderer
+        */
+       protected function getPageRenderer() {
+               return $GLOBALS['SOBE']->doc->getPageRenderer();
+       }
+
        /********************************************
         *
         * Various helper functions
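Review bot: The `TCEFORMS.Suggest` ajaxUrl setting is registered twice, once in each branch of the if/else directly after the two `jsfunc.tceforms_suggest.js` loads, so the two copies can drift; a small helper that loads the suggest library and registers its setting together, called from both branches, would remove the duplication. The new `getPageRenderer()` wrapper still reaches through `$GLOBALS['SOBE']->doc`, so its docblock should say so, e.g. `* Only usable while FormEngine runs inside a backend module that set $GLOBALS['SOBE']->doc.` The hunks touching the if/else belong to a method that starts and ends outside the shown lines.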
index 768153c..ee9185b 100644 (file)
@@ -1575,6 +1575,8 @@ class DocumentTemplate {
                $this->pageRenderer->loadPrototype();
                $this->loadJavascriptLib('sysext/backend/Resources/Public/JavaScript/common.js');
                $this->loadJavascriptLib('js/tree.js');
+               $this->getPageRenderer()->addInlineSetting('Tree.SC_alt_db_navframe', 'ajaxUrl', BackendUtility::getAjaxUrl('SC_alt_db_navframe::expandCollapse'));
+               $this->getPageRenderer()->addInlineSetting('Tree.SC_alt_file_navframe', 'ajaxUrl', BackendUtility::getAjaxUrl('SC_alt_file_navframe::expandCollapse'));
                // Setting prefs for drag & drop
                $this->JScodeArray['dragdrop'] = '
                        DragDrop.changeURL = "' . $this->backPath . 'alt_clickmenu.php";
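Review bot: The two `Tree.SC_alt_*_navframe` setting lines added here are repeated verbatim in ElementBrowser.php, BrowseLinks.php and SelectImage.php, each directly after a `loadJavascriptLib('js/tree.js')` call, and the rewritten tree.js now requires both settings at script-load time. A single helper on DocumentTemplate that loads js/tree.js and registers both URLs (e.g. `loadTreeJavascript()`) would make it impossible to load the library without its settings and give third-party callers one documented entry point. The method continues outside the hunk.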
index f83d700..c67d309 100644 (file)
@@ -228,6 +228,11 @@ class ShortcutToolbarItem implements \TYPO3\CMS\Backend\Toolbar\ToolbarItemHookI
         */
        protected function addJavascriptToBackend() {
                $this->backendReference->addJavascriptFile('sysext/backend/Resources/Public/JavaScript/shortcutmenu.js');
+               $this->backendReference->getPageRenderer()->addInlineSetting('ShortcutMenu.saveShortcut', 'ajaxUrl', BackendUtility::getAjaxUrl('ShortcutMenu::saveShortcut'));
+               $this->backendReference->getPageRenderer()->addInlineSetting('ShortcutMenu.delete', 'ajaxUrl', BackendUtility::getAjaxUrl('ShortcutMenu::delete'));
+               $this->backendReference->getPageRenderer()->addInlineSetting('ShortcutMenu.getGroups', 'ajaxUrl', BackendUtility::getAjaxUrl('ShortcutMenu::getGroups'));
+               $this->backendReference->getPageRenderer()->addInlineSetting('ShortcutMenu.render', 'ajaxUrl', BackendUtility::getAjaxUrl('ShortcutMenu::render'));
+               $this->backendReference->getPageRenderer()->addInlineSetting('ShortcutMenu.create', 'ajaxUrl', BackendUtility::getAjaxUrl('ShortcutMenu::create'));
        }
 
        /**
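Review bot: `addJavascriptToBackend()` now calls `$this->backendReference->getPageRenderer()` five times in a row; fetch it once into a local and derive the settings key and the ajaxID from the same action name, so the two cannot diverge. This relies on the public `getPageRenderer()` that the same commit adds to BackendController.
```php
		$this->backendReference->addJavascriptFile('sysext/backend/Resources/Public/JavaScript/shortcutmenu.js');
		$pageRenderer = $this->backendReference->getPageRenderer();
		// one ajaxUrl (incl. CSRF token) per ShortcutMenu action consumed by shortcutmenu.js
		foreach (array('saveShortcut', 'delete', 'getGroups', 'render', 'create') as $action) {
			$pageRenderer->addInlineSetting('ShortcutMenu.' . $action, 'ajaxUrl', BackendUtility::getAjaxUrl('ShortcutMenu::' . $action));
		}
```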
index 74cb01e..2f0aab2 100644 (file)
@@ -62,7 +62,7 @@ define('TYPO3/CMS/Backend/DragUploader', ['jquery'], function($) {
                        event.stopPropagation();
                        event.preventDefault();
                        me.$dropzone.hide();
-               }
+               };
 
                me.dragFileIntoDocument = function(event) {
                        event.stopPropagation();
@@ -321,12 +321,11 @@ define('TYPO3/CMS/Backend/DragUploader', ['jquery'], function($) {
                        if(me.override) {
                                formData.append('overwriteExistingFiles', '1');
                        }
-                       formData.append('ajaxID', 'TYPO3_tcefile::process');
                        formData.append('redirect', '');
                        formData.append('upload_1', me.file);
 
                        var s = $.extend(true, {}, $.ajaxSettings, {
-                               url: 'ajax.php',
+                               url: TYPO3.settings.DragUploader.ajaxUrl,
                                contentType: false,
                                processData: false,
                                data: formData,
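Review bot: `url: TYPO3.settings.DragUploader.ajaxUrl` is read only when an upload starts, so a page that loads this module without registering the `DragUploader` inline setting fails with an opaque TypeError inside the upload handler rather than at initialisation. A guard near the module's setup, `if (!TYPO3.settings.DragUploader || !TYPO3.settings.DragUploader.ajaxUrl) { throw new Error('TYPO3.settings.DragUploader.ajaxUrl is not set'); }`, makes the missing dependency visible in the console. The enclosing function continues outside the hunk.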
index 9296116..2d6d34e 100644 (file)
@@ -191,8 +191,8 @@ var inline = {
        makeAjaxCall: function(method, params, lock, context) {
                var max, url='', urlParams='', options={};
                if (method && params && params.length && this.lockAjaxMethod(method, lock)) {
-                       url = TBE_EDITOR.getBackendPath() + 'ajax.php';
-                       urlParams = '&ajaxID=' + encodeURIComponent('t3lib_TCEforms_inline::' + method);
+                       url = TBE_EDITOR.getBackendPath() + TYPO3.settings.TCEFORMS.Inline[method].ajaxUrl;
+                       urlParams = '';
                        for (var i=0, max=params.length; i<max; i++) {
                                urlParams += '&ajax[' + i + ']=' + encodeURIComponent(params[i]);
                        }
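Review bot: `urlParams = '';` on the new side is redundant, because the `var` declaration two lines above already initialises it to `''`, so the line can be dropped. `TYPO3.settings.TCEFORMS.Inline[method]` is indexed with the caller-supplied `method`, and only the four names registered in FormEngine exist there, so any other method now throws a TypeError instead of issuing a request; a guard such as `if (!TYPO3.settings.TCEFORMS.Inline[method]) { throw new Error('No ajaxUrl registered for inline method ' + method); }` gives a readable failure. The loop still prefixes every parameter with `&`, which only works because the URL from `getAjaxUrl()` already contains a query string; a one-line comment stating that assumption would help. `makeAjaxCall` continues outside the hunk.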
index cc38d24..5caefec 100644 (file)
@@ -60,11 +60,11 @@ TCEForms.Suggest = Class.create({
                this.suggestResultList = objectId + 'SuggestChoices';
                this.fieldType = fieldType;
 
-               new Ajax.Autocompleter(this.suggestField, this.suggestResultList, PATH_typo3 + 'ajax.php', {
+               new Ajax.Autocompleter(this.suggestField, this.suggestResultList, PATH_typo3 + TYPO3.settings.TCEFORMS.Suggest.ajaxUrl, {
                                paramName: 'value',
                                minChars: (minimumCharacters ? minimumCharacters : this.minimumCharacters),
                                updateElement: this.addElementToList.bind(this),
-                               parameters: 'ajaxID=t3lib_TCEforms_suggest::searchRecord&table=' + table + '&field=' + field + '&uid=' + uid + '&pid=' + pid,
+                               parameters: 'table=' + table + '&field=' + field + '&uid=' + uid + '&pid=' + pid,
                                indicator: objectId + 'SuggestIndicator'
                        }
                );
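Review bot: The rewritten `parameters` string still concatenates `table`, `field`, `uid` and `pid` without `encodeURIComponent`, and since the line is being touched anyway this is the moment to fix it: `parameters: 'table=' + encodeURIComponent(table) + '&field=' + encodeURIComponent(field) + '&uid=' + encodeURIComponent(uid) + '&pid=' + encodeURIComponent(pid),`. It must stay a string, as Ajax.Autocompleter joins it onto its own `value` parameter with `&`. The enclosing method continues outside the hunk.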
index 2ed89e9..0663943 100644 (file)
@@ -47,7 +47,7 @@ TYPO3.ModuleMenu.Store = new Ext.data.JsonStore({
                {name: 'subitems', type: 'int'},
                'sub'
        ],
-       url: 'ajax.php?ajaxID=ModuleMenu::getData',
+       url: TYPO3.settings.ModuleMenu.getData.ajaxUrl,
        baseParams: {
                'action': 'getModules'
        },
@@ -165,7 +165,7 @@ TYPO3.ModuleMenu.App = {
                                                }
                                                // save menu state
                                                Ext.Ajax.request({
-                                                       url: 'ajax.php?ajaxID=ModuleMenu::saveMenuState',
+                                                       url: TYPO3.settings.ModuleMenu.saveMenuState.ajaxUrl,
                                                        params: {
                                                                'menuid': 'modmenu_' + id,
                                                                'state': state
index ec7b50a..f505bbd 100644 (file)
@@ -58,7 +58,7 @@ var ShortcutMenu = Class.create({
                        var shortcutId = element.up('tr.shortcut').identify().slice(9);
 
                                // map InPlaceEditor to edit icons
-                       var edit = new Ajax.InPlaceEditor('shortcut-label-' + shortcutId, 'ajax.php?ajaxID=ShortcutMenu::saveShortcut', {
+                       var edit = new Ajax.InPlaceEditor('shortcut-label-' + shortcutId, TYPO3.settings.ShortcutMenu.saveShortcut.ajaxUrl, {
                                externalControl     : 'shortcut-edit-' + shortcutId,
                                externalControlOnly : true,
                                highlightcolor      : '#f9f9f9',
@@ -91,8 +91,8 @@ var ShortcutMenu = Class.create({
                                        var deleteControl = event.element();
                                        var shortcutId = deleteControl.up('tr.shortcut').identify().slice(9);
 
-                                       var del = new Ajax.Request('ajax.php', {
-                                               parameters : 'ajaxID=ShortcutMenu::delete&shortcutId=' + shortcutId,
+                                       var del = new Ajax.Request(TYPO3.settings.ShortcutMenu.delete.ajaxUrl, {
+                                               parameters : '&shortcutId=' + shortcutId,
                                                onComplete : this.reRenderMenu.bind(this)
                                        });
                                }
@@ -158,9 +158,8 @@ var ShortcutMenu = Class.create({
                selectField.appendChild(option);
 
                        // get the groups
-               var getGroups = new Ajax.Request('ajax.php', {
+               var getGroups = new Ajax.Request(TYPO3.settings.ShortcutMenu.getGroups.ajaxUrl, {
                        method: 'get',
-                       parameters: 'ajaxID=ShortcutMenu::getGroups',
                        asynchronous: false, // needs to be synchronous to build the options before adding the selectfield
                        requestHeaders: {Accept: 'application/json'},
                        onSuccess: function(transport, json) {
@@ -202,9 +201,8 @@ var ShortcutMenu = Class.create({
 
                var render = new Ajax.Updater(
                        container,
-                       backPath + 'ajax.php',
+                       backPath + TYPO3.settings.ShortcutMenu.render.ajaxUrl,
                        {
-                               parameters : 'ajaxID=ShortcutMenu::render',
                                asynchronous : false
                        }
                );
@@ -227,10 +225,10 @@ var ShortcutMenu = Class.create({
                var spinner = new Element('span').addClassName('spinner');
                var oldIcon = toolbarItemIcon.replace(spinner);
 
-                       // synchrous call to wait for it to complete and call the render
-                       // method with backpath _afterwards_
-               var call = new Ajax.Request(backPath + 'ajax.php', {
-                       parameters : 'ajaxID=ShortcutMenu::create&module=' + moduleName + '&url=' + url,
+               // synchrous call to wait for it to complete and call the render
+               // method with backpath _afterwards_
+               var call = new Ajax.Request(backPath + TYPO3.settings.ShortcutMenu.create.ajaxUrl, {
+                       parameters : 'module=' + moduleName + '&url=' + url,
                        asynchronous : false
                });
 
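Review bot: `parameters : '&shortcutId=' + shortcutId` in the delete request keeps a leading `&` while the create request's `'module=' + ...` and the suggest file drop it; Prototype tolerates both, but for consistency use `parameters : 'shortcutId=' + shortcutId,`. The five URLs are also prefixed inconsistently — `backPath +` for render and create, bare for saveShortcut, delete and getGroups — which mirrors the old `'ajax.php'` usage but leaves the base of the settings value unstated; a comment such as `// TODO(review): confirm whether ajaxUrl is relative to the backend directory and whether backPath is needed in all five calls` would record the open question. `'&url=' + url` in the create call remains unencoded, which is pre-existing but worth `encodeURIComponent(url)` while the line is rewritten. Each method touched starts outside its hunk.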
index 49bd89b..235e422 100644 (file)
@@ -633,29 +633,101 @@ return array(
                'spriteIconGenerator_handler' => 'TYPO3\\CMS\\Backend\\Sprite\\SimpleSpriteHandler',            // String: Used to register own/other spriteGenerating Handler, they have to implement the interface \TYPO3\CMS\Backend\Sprite\SpriteIconGeneratorInterface. If set to "\TYPO3\CMS\Backend\Sprite\SpriteBuildingHandler" icons from extensions will automatically merged into sprites.
                'debug' => FALSE,                                                                       // Boolean: If set, the loginrefresh is disabled and pageRenderer is set to debug mode. Use this to debug the backend only!
                'AJAX' => array(                                                                        // array of key-value pairs for a unified use of AJAX calls in the TYPO3 backend. Keys are the unique ajaxIDs where the value will be resolved to call a method in an object. See ajax.php for more information.
-                       'SC_alt_db_navframe::expandCollapse' => 'TYPO3\\CMS\\Backend\\Controller\\PageTreeNavigationController->ajaxExpandCollapse',
-                       'SC_alt_file_navframe::expandCollapse' => 'TYPO3\\CMS\\Backend\\Controller\\FileSystemNavigationFrameController->ajaxExpandCollapse',
-                       'TYPO3_tcefile::process' => 'TYPO3\\CMS\\Backend\\Controller\\File\\FileController->processAjaxRequest',
-                       't3lib_TCEforms_inline::createNewRecord' => 'TYPO3\\CMS\\Backend\\Form\\Element\\InlineElement->processAjaxRequest',
-                       't3lib_TCEforms_inline::getRecordDetails' => 'TYPO3\\CMS\\Backend\\Form\\Element\\InlineElement->processAjaxRequest',
-                       't3lib_TCEforms_inline::synchronizeLocalizeRecords' => 'TYPO3\\CMS\\Backend\\Form\\Element\\InlineElement->processAjaxRequest',
-                       't3lib_TCEforms_inline::setExpandedCollapsedState' => 'TYPO3\\CMS\\Backend\\Form\\Element\\InlineElement->processAjaxRequest',
-                       't3lib_TCEforms_suggest::searchRecord' => 'TYPO3\\CMS\\Backend\\Form\\Element\\SuggestElement->processAjaxRequest',
-                       'ShortcutMenu::getGroups' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->getAjaxShortcutGroups',
-                       'ShortcutMenu::saveShortcut' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->setAjaxShortcut',
-                       'ShortcutMenu::render' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->renderAjax',
-                       'ShortcutMenu::delete' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->deleteAjaxShortcut',
-                       'ShortcutMenu::create' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->createAjaxShortcut',
-                       'ModuleMenu::saveMenuState' => 'TYPO3\\CMS\\Backend\\View\\ModuleMenuView->saveMenuState',
-                       'ModuleMenu::getData' => 'TYPO3\\CMS\\Backend\\View\\ModuleMenuView->getModuleData',
-                       'BackendLogin::login' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->login',
-                       'BackendLogin::logout' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->logout',
-                       'BackendLogin::refreshLogin' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->refreshLogin',
-                       'BackendLogin::isTimedOut' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->isTimedOut',
-                       'BackendLogin::getChallenge' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->getChallenge',
-                       'BackendLogin::refreshTokens' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->refreshTokens',
-                       'ExtDirect::getAPI' => 'TYPO3\\CMS\\Core\\ExtDirect\\ExtDirectApi->getAPI',
-                       'ExtDirect::route' => 'TYPO3\\CMS\\Core\\ExtDirect\\ExtDirectRouter->route'
+                       'SC_alt_db_navframe::expandCollapse' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Controller\\PageTreeNavigationController->ajaxExpandCollapse',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'SC_alt_file_navframe::expandCollapse' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Controller\\FileSystemNavigationFrameController->ajaxExpandCollapse',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'TYPO3_tcefile::process' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Controller\\File\\FileController->processAjaxRequest',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       't3lib_TCEforms_inline::createNewRecord' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Form\\Element\\InlineElement->processAjaxRequest',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       't3lib_TCEforms_inline::getRecordDetails' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Form\\Element\\InlineElement->processAjaxRequest',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       't3lib_TCEforms_inline::synchronizeLocalizeRecords' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Form\\Element\\InlineElement->processAjaxRequest',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       't3lib_TCEforms_inline::setExpandedCollapsedState' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Form\\Element\\InlineElement->processAjaxRequest',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       't3lib_TCEforms_suggest::searchRecord' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Form\\Element\\SuggestElement->processAjaxRequest',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'ShortcutMenu::getGroups' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->getAjaxShortcutGroups',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'ShortcutMenu::saveShortcut' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->setAjaxShortcut',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'ShortcutMenu::render' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->renderAjax',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'ShortcutMenu::delete' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->deleteAjaxShortcut',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'ShortcutMenu::create' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\Toolbar\\ShortcutToolbarItem->createAjaxShortcut',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'ModuleMenu::saveMenuState' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\View\\ModuleMenuView->saveMenuState',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'ModuleMenu::getData' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\View\\ModuleMenuView->getModuleData',
+                               'csrfTokenCheck' => TRUE
+                       ),
+                       'BackendLogin::login' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->login',
+                               // Needs to be unprotected
+                               'csrfTokenCheck' => FALSE
+                       ),
+                       'BackendLogin::logout' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->logout',
+                               // Needs to be unprotected
+                               'csrfTokenCheck' => FALSE
+                       ),
+                       'BackendLogin::refreshLogin' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->refreshLogin',
+                               // Needs to be unprotected
+                               'csrfTokenCheck' => FALSE
+                       ),
+                       'BackendLogin::isTimedOut' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->isTimedOut',
+                               // Needs to be unprotected
+                               'csrfTokenCheck' => FALSE
+                       ),
+                       'BackendLogin::getChallenge' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Backend\\AjaxLoginHandler->getChallenge',
+                               // Needs to be unprotected
+                               'csrfTokenCheck' => FALSE
+                       ),
+                       'ExtDirect::getAPI' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Core\\ExtDirect\\ExtDirectApi->getAPI',
+                               // No need to be CSRF protected
+                               'csrfTokenCheck' => FALSE
+                       ),
+                       'ExtDirect::route' => array(
+                               'callbackMethod' => 'TYPO3\\CMS\\Core\\ExtDirect\\ExtDirectRouter->route',
+                               // All ExtJS calls are CSRF protected with another token
+                               'csrfTokenCheck' => FALSE
+                       ),
                ),
                'XCLASS' => array()
        ),
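Review bot: The old list carried a `BackendLogin::refreshTokens` entry (`AjaxLoginHandler->refreshTokens`) that the new array does not re-register; unless that handler was retired in the same release, every caller of the ajaxID now hits an unknown ID, and either way the commit message should state that the entry was dropped on purpose. The comment on the `'AJAX' =>` line still says "the value will be resolved to call a method", but each value is now an array; suggest `// array of key-value pairs for a unified use of AJAX calls in the TYPO3 backend. Keys are the unique ajaxIDs; each value is an array with 'callbackMethod' (class->method resolved by ajax.php) and 'csrfTokenCheck' (bool, whether ajax.php validates the token before dispatching).` The `// Needs to be unprotected` comments on the `BackendLogin::*` entries state the decision but not the reason; for `logout` in particular, which changes state, a why such as "issued after the session has expired, when no valid token can be obtained" would let a later reader judge whether the exception still holds. Extensions registering their own `$TYPO3_CONF_VARS['BE']['AJAX']` entries in the old string form are affected as well, so whether ajax.php keeps accepting a plain string, and with which default for the token check, belongs in this comment too.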
index 9bcefb3..806ab0c 100644 (file)
@@ -236,6 +236,7 @@ class FileListController {
                $pageRenderer->loadJQuery();
                $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/DragUploader');
                $pageRenderer->loadRequireJsModule('TYPO3/CMS/Filelist/FileListLocalisation');
+               $pageRenderer->addInlineSetting('DragUploader', 'ajaxUrl', BackendUtility::getAjaxUrl('TYPO3_tcefile::process'));
                $pageRenderer->addInlineLanguagelabelFile(
                        \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('lang') . 'locallang_core.xlf',
                        'file_upload'
index daf4ede..4e031a5 100644 (file)
@@ -36,7 +36,7 @@ class ExtDirectEidController {
         *
         * @var \TYPO3\CMS\Core\Http\AjaxRequestHandler
         */
-       protected $ajaxObjext = NULL;
+       protected $ajaxObject = NULL;
 
        /**
         * Routes the given eID action to the related ExtDirect method with the necessary
@@ -47,7 +47,7 @@ class ExtDirectEidController {
        public function routeAction() {
                \TYPO3\CMS\Frontend\Utility\EidUtility::initLanguage();
                $ajaxID = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('action');
-               $ajaxScript = $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX']['ExtDirect::' . $ajaxID];
+               $ajaxScript = $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX']['ExtDirect::' . $ajaxID]['callbackMethod'];
                $this->ajaxObject = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Http\\AjaxRequestHandler', 'ExtDirect::' . $ajaxID);
                $parameters = array();
                \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($ajaxScript, $parameters, $this->ajaxObject, FALSE, TRUE);
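Review bot: `$ajaxID` comes straight from the request (`_GP('action')`), and the new `['callbackMethod']` index is applied without checking that `'ExtDirect::' . $ajaxID` exists in `$GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX']`, so an unknown action yields NULL (plus a notice) and `callUserFunction()` is invoked with an empty target; guard it before the assignment with `if (!isset($GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX']['ExtDirect::' . $ajaxID]['callbackMethod'])) { throw new \InvalidArgumentException('Unknown ExtDirect action: ' . $ajaxID); }`. This eID entry point reads `callbackMethod` but never consults `csrfTokenCheck`, which is fine today because both `ExtDirect::*` entries set it to FALSE, yet nothing records that invariant; a comment next to the lookup such as `// csrfTokenCheck is not evaluated on the eID path; ExtDirect relies on its own token (see DefaultConfiguration)` would keep a future TRUE from silently going unchecked. Renaming `$ajaxObjext` to `$ajaxObject` matches the existing `$this->ajaxObject` usage below. `routeAction()` continues outside the hunk.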
index 1943aa1..cd4683c 100644 (file)
@@ -279,6 +279,8 @@ class ElementBrowser {
                $this->doc->getPageRenderer()->loadPrototype();
                $this->doc->loadJavascriptLib('js/browse_links.js');
                $this->doc->loadJavascriptLib('js/tree.js');
+               $this->doc->getPageRenderer()->addInlineSetting('Tree.SC_alt_db_navframe', 'ajaxUrl', BackendUtility::getAjaxUrl('SC_alt_db_navframe::expandCollapse'));
+               $this->doc->getPageRenderer()->addInlineSetting('Tree.SC_alt_file_navframe', 'ajaxUrl', BackendUtility::getAjaxUrl('SC_alt_file_navframe::expandCollapse'));
                // init hook objects:
                $this->hookObjects = array();
                if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/class.browse_links.php']['browseLinksHook'])) {
index d4fef8e..886a4f3 100644 (file)
@@ -1,6 +1,7 @@
 <?php
 namespace TYPO3\CMS\Rtehtmlarea;
 
+use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
@@ -66,6 +67,8 @@ class BrowseLinks extends \TYPO3\CMS\Recordlist\Browser\ElementBrowser {
                // Loading the Prototype library and browse_links.js
                $this->doc->getPageRenderer()->loadPrototype();
                $this->doc->loadJavascriptLib('js/tree.js');
+               $this->doc->getPageRenderer()->addInlineSetting('Tree.SC_alt_db_navframe', 'ajaxUrl', BackendUtility::getAjaxUrl('SC_alt_db_navframe::expandCollapse'));
+               $this->doc->getPageRenderer()->addInlineSetting('Tree.SC_alt_file_navframe', 'ajaxUrl', BackendUtility::getAjaxUrl('SC_alt_file_navframe::expandCollapse'));
                $this->doc->loadJavascriptLib('js/browse_links.js');
                // Adding context menu code
                $this->doc->getContextMenuCode();
index c314295..d4734cf 100644 (file)
@@ -28,6 +28,7 @@ namespace TYPO3\CMS\Rtehtmlarea;
  *  This copyright notice MUST APPEAR in all copies of the script!
  ***************************************************************/
 
+use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Core\Resource;
 
@@ -114,6 +115,8 @@ class SelectImage extends \TYPO3\CMS\Recordlist\Browser\ElementBrowser {
                // Load the Prototype library and browse_links.js
                $this->doc->getPageRenderer()->loadPrototype();
                $this->doc->loadJavascriptLib('js/tree.js');
+               $this->doc->getPageRenderer()->addInlineSetting('Tree.SC_alt_db_navframe', 'ajaxUrl', BackendUtility::getAjaxUrl('SC_alt_db_navframe::expandCollapse'));
+               $this->doc->getPageRenderer()->addInlineSetting('Tree.SC_alt_file_navframe', 'ajaxUrl', BackendUtility::getAjaxUrl('SC_alt_file_navframe::expandCollapse'));
                $this->doc->loadJavascriptLib('js/browse_links.js');
                $this->doc->JScode .= $this->doc->wrapScriptTags('
                        Tree.ajaxID = "SC_alt_file_navframe::expandCollapse";