From b689a448f76ff5a55ef52893d4c4d88da1ee747d Mon Sep 17 00:00:00 2001
From: Wouter Wolters <typo3@wouterwolters.nl>
Date: Wed, 25 Jul 2018 20:36:45 +0200
Subject: [PATCH] [TASK] Deprecate eID registration with a script to a file

Resolves: #85646
Releases: master
Change-Id: Ib8d550acb922c02c240f09898e4a354708a729b7
Reviewed-on: https://review.typo3.org/57683
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
---
 ...-85646-DeprecateEIDImplementedAsScript.rst | 44 +++++++++++++++++++
 .../Classes/Middleware/EidHandler.php         |  6 ++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 typo3/sysext/core/Documentation/Changelog/master/Deprecation-85646-DeprecateEIDImplementedAsScript.rst

diff --git a/typo3/sysext/core/Documentation/Changelog/master/Deprecation-85646-DeprecateEIDImplementedAsScript.rst b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-85646-DeprecateEIDImplementedAsScript.rst
new file mode 100644
index 000000000000..6a3a4d5a2f5e
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-85646-DeprecateEIDImplementedAsScript.rst
@@ -0,0 +1,44 @@
+.. include:: ../../Includes.txt
+
+=========================================================
+Deprecation: #85646 - Deprecate eID implemented as script
+=========================================================
+
+See :issue:`85646`
+
+Description
+===========
+
+Calling a frontend eID as a direct script call has been deprecated.
+
+Setting a PHP eID include like this logs deprecation warnings::
+
+    $GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include']['myEid'] = 'EXT:myExt/Resources/Php/MyAjax.php';
+
+This is not valid anymore. Instead, a class / method combination should be used::
+
+    $GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include']['myEid'] = \MyVendor\MyExt\Controller\MyEidController::class . '::myMethod';
+
+The main difference is that a script call does not execute code if calling :php:`require()` on
+it directly anymore, but needs a proper registration including an entry method to be called.
+This increases encapsulation and security.
+
+Impact
+======
+
+eIDs which are registered with a direct script includes log a deprecation message.
+
+
+Affected Installations
+======================
+
+3rd party extensions which implement eIDs with a script to a file instead of
+a class->method combination.
+
+
+Migration
+=========
+
+Register eID with a class::method syntax like :php:`\TYPO3\CMS\Frontend\MyClass::mymethod` instead.
+
+.. index:: Frontend, NotScanned
\ No newline at end of file
diff --git a/typo3/sysext/frontend/Classes/Middleware/EidHandler.php b/typo3/sysext/frontend/Classes/Middleware/EidHandler.php
index a90a2b9f8f04..cf4db884e395 100644
--- a/typo3/sysext/frontend/Classes/Middleware/EidHandler.php
+++ b/typo3/sysext/frontend/Classes/Middleware/EidHandler.php
@@ -65,7 +65,11 @@ class EidHandler implements MiddlewareInterface
             $request = $request->withAttribute('target', $configuration);
             return $dispatcher->dispatch($request, $response) ?? new NullResponse();
         }
-
+        trigger_error(
+            'eID "' . $eID . '" is registered with a script to a file. This behaviour will be removed in TYPO3 v10.'
+            . ' Register eID with a class::method syntax like "\MyVendor\MyExtension\Controller\MyEidController::myMethod" instead.',
+            E_USER_DEPRECATED
+        );
         $scriptPath = GeneralUtility::getFileAbsFileName($configuration);
         if ($scriptPath === '') {
             throw new Exception('Registered eID has invalid script path.', 1518042216);
-- 
GitLab