[TASK] Move Backend AJAX Calls to index.php 47/41247/4
authorBenjamin Mack <benni@typo3.org>
Tue, 14 Jul 2015 21:21:27 +0000 (23:21 +0200)
committerGeorg Ringer <georg.ringer@gmail.com>
Wed, 15 Jul 2015 09:34:51 +0000 (11:34 +0200)
The typo3/ajax.php entrypoint is removed in favor of
checking for ajaxID in all backend requests inside the Backend
Application.

The request object from the server is now enhanced with the
information inside the application which type is now called.

In this course, the GeneralUtility::isInternalRequestType()
is extended to return ture if no request type constant is set
due to early calls to GeneralUtility methods when building the
ServerRequest object with a Uri object.

Resolves: #68141
Releases: master
Change-Id: I27f2e4fce2007981f323d0607c2dfb0b3a17d020
Reviewed-on: http://review.typo3.org/41247
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
typo3/ajax.php
typo3/index.php
typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
typo3/sysext/backend/Classes/Http/Application.php
typo3/sysext/backend/Classes/Utility/BackendUtility.php
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst [new file with mode: 0644]

index da75086..deb9231 100644 (file)
@@ -20,5 +20,9 @@
  */
 call_user_func(function() {
        $classLoader = require __DIR__ . '/contrib/vendor/autoload.php';
-       (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
+       (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run(function() {
+               \TYPO3\CMS\Core\Utility\GeneralUtility::deprecationLog(
+                       'The entry point to ajax.php was moved to index.php with ajaxID given. Please use BackendUtility::getAjaxUrl(\'myAjaxKey\') to link to the AJAX Call. This script will be removed in TYPO3 CMS 8.'
+               );
+       });
 });
index 69514c7..c4738a9 100644 (file)
@@ -13,7 +13,7 @@
  */
 
 /**
- * Login-screen of TYPO3.
+ * Main entry point for all backend-related scripts.
  *
  * @author Kasper Skårhøj <kasperYYYY@typo3.com>
  */
index 1b07698..b85ba12 100644 (file)
@@ -20,9 +20,12 @@ use TYPO3\CMS\Core\Utility\GeneralUtility;
 use Psr\Http\Message\ServerRequestInterface;
 
 /**
- * Base class for all AJAX-related calls for the TYPO3 Backend run through typo3/ajax.php.
+ * AJAX dispatcher
+ *
+ * Main entry point for AJAX calls in the TYPO3 Backend. Based on ?ajaxId of the outside application.
  * Before doing the basic BE-related set up of this request (see the additional calls on $this->bootstrap inside
  * handleRequest()), some AJAX-calls can be made without a valid user, which is determined here.
+ * See $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'] and the Core APIs on how to register an AJAX call in the TYPO3 Backend.
  *
  * Due to legacy reasons, the actual logic is in EXT:core/Http/AjaxRequestHandler which will eventually
  * be moved into this class.
@@ -117,13 +120,14 @@ class AjaxRequestHandler implements RequestHandlerInterface {
        }
 
        /**
-        * This request handler can handle any backend request coming from ajax.php
+        * This request handler can handle any backend request coming from ajax.php or having
+        * a ajaxID as parameter (see Application.php in EXT:backend)
         *
         * @param ServerRequestInterface $request
         * @return bool If the request is an AJAX backend request, TRUE otherwise FALSE
         */
        public function canHandleRequest(ServerRequestInterface $request) {
-               return TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_AJAX;
+               return $request->getAttribute('isAjaxRequest', FALSE);
        }
 
        /**
index b860541..1b9a976 100644 (file)
@@ -15,7 +15,7 @@ namespace TYPO3\CMS\Backend\Http;
  */
 use TYPO3\CMS\Core\Core\ApplicationInterface;
 use TYPO3\CMS\Core\Core\Bootstrap;
-
+use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 /**
  * Entry point for the TYPO3 Backend (HTTP requests)
@@ -33,6 +33,11 @@ class Application implements ApplicationInterface {
        protected $entryPointPath = 'typo3/';
 
        /**
+        * @var \Psr\Http\Message\ServerRequestInterface
+        */
+       protected $request;
+
+       /**
         * All available request handlers that can handle backend requests (non-CLI)
         * @var array
         */
@@ -66,6 +71,12 @@ class Application implements ApplicationInterface {
                        $this->bootstrap->registerRequestHandlerImplementation($requestHandler);
                }
 
+               $this->request = \TYPO3\CMS\Core\Http\ServerRequestFactory::fromGlobals();
+               // see below when this option is set
+               if ($GLOBALS['TYPO3_AJAX']) {
+                       $this->request = $this->request->withAttribute('isAjaxRequest', TRUE);
+               }
+
                $this->bootstrap->configure();
        }
 
@@ -76,7 +87,7 @@ class Application implements ApplicationInterface {
         * @return void
         */
        public function run(callable $execute = NULL) {
-               $this->bootstrap->handleRequest(\TYPO3\CMS\Core\Http\ServerRequestFactory::fromGlobals());
+               $this->bootstrap->handleRequest($this->request);
 
                if ($execute !== NULL) {
                        if ($execute instanceof \Closure) {
@@ -99,14 +110,13 @@ class Application implements ApplicationInterface {
         * Define values that are based on the current script
         */
        protected function defineAdditionalEntryPointRelatedConstants() {
-               $currentScript = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('SCRIPT_NAME');
+               $currentScript = GeneralUtility::getIndpEnv('SCRIPT_NAME');
 
-               // activate "AJAX" handler when called via ajax.php
-               if (substr($currentScript, -15) === '/typo3/ajax.php') {
+               // activate "AJAX" handler when called with the GET variable ajaxID
+               if (GeneralUtility::_GET('ajaxID') !== NULL) {
                        $GLOBALS['TYPO3_AJAX'] = TRUE;
-               }
-               // allow backend login to work
-               if (substr($currentScript, -16) === '/typo3/index.php') {
+               } elseif (substr($currentScript, -16) === '/typo3/index.php') {
+                       // allow backend login to work
                        define('TYPO3_PROCEED_IF_NO_USER', 1);
                }
        }
index 9378519..a56ed78 100644 (file)
@@ -3301,7 +3301,7 @@ class BackendUtility {
                if (!empty($GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxIdentifier]['csrfTokenCheck'])) {
                        $additionalUrlParameters['ajaxToken'] = FormProtectionFactory::get()->generateToken('ajaxCall', $ajaxIdentifier);
                }
-               $url = 'ajax.php?' . ltrim(GeneralUtility::implodeArrayForUrl('', ($additionalUrlParameters + $urlParameters), '', TRUE, TRUE), '&');
+               $url = 'index.php?' . ltrim(GeneralUtility::implodeArrayForUrl('', ($additionalUrlParameters + $urlParameters), '', TRUE, TRUE), '&');
                if ($returnAbsoluteUrl) {
                        return GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $url;
                } else {
index 670eecf..e929fad 100755 (executable)
@@ -3559,11 +3559,13 @@ Connection: close
         * We accept this risk to have the install tool always available.
         * Also CLI needs to be allowed as unfortunately AbstractUserAuthentication::getAuthInfoArray()
         * accesses HTTP_HOST without reason on CLI
+        * Additionally, allows requests when no REQUESTTYPE is set, which can happen quite early in the
+        * Bootstrap. See Application.php in EXT:backend/Classes/Http/.
         *
         * @return bool
         */
        static protected function isInternalRequestType() {
-               return (defined('TYPO3_REQUESTTYPE') && TYPO3_REQUESTTYPE & (TYPO3_REQUESTTYPE_INSTALL | TYPO3_REQUESTTYPE_CLI));
+               return (!defined('TYPO3_REQUESTTYPE') || (defined('TYPO3_REQUESTTYPE') && TYPO3_REQUESTTYPE & (TYPO3_REQUESTTYPE_INSTALL | TYPO3_REQUESTTYPE_CLI)));
        }
 
        /**
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst
new file mode 100644 (file)
index 0000000..1323c4a
--- /dev/null
@@ -0,0 +1,27 @@
+====================================
+Deprecation: #68141 - typo3/ajax.php
+====================================
+
+Description
+===========
+
+The ajax.php entry-point has been marked as deprecation. All AJAX requests in the Backend using the Ajax API are
+not affected as they automatically use index.php.
+
+
+Impact
+======
+
+All extensions directly linking to typo3/ajax.php will throw a deprecation warning.
+
+
+Affected Installations
+======================
+
+Installations with custom extensions that call typo3/ajax.php without using proper API calls from ``BackendUtility``.
+
+
+Migration
+=========
+
+Use ``BackendUtility::getAjaxUrl()``.