From db962b54dd1f46b0c07c5b17451b799ad6976b9d Mon Sep 17 00:00:00 2001
From: Christian Kuhn <lolli@schwarzbu.ch>
Date: Fri, 15 Feb 2013 22:59:25 +0100
Subject: [PATCH] [TASK] Release typo3/ajax.php from early t3lib_div usage
ajax.php entry script requires t3lib_div very early to use a single
method from it. This is ugly, so the needed code is now implemented
in ajax.php directly, removing the requirement to include t3lib_div
so early.
Change-Id: I974c39c185872ab68bdc7732434c4bc52d77f75f
Resolves: #46269
Release: 6.1
Reviewed-on: https://review.typo3.org/18903
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
---
typo3/ajax.php | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/typo3/ajax.php b/typo3/ajax.php
index b5accaadcc14..e352d5c779e6 100644
--- a/typo3/ajax.php
+++ b/typo3/ajax.php
@@ -24,16 +24,15 @@
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
+
/**
* AJAX dispatcher
*
* @author Benjamin Mack <mack@xnos.org>
*/
+
$TYPO3_AJAX = TRUE;
-// Include t3lib_div at this time to get the GET/POST methods it provides
-require_once dirname(__FILE__) . '/../t3lib/class.t3lib_div.php';
-// First get the ajaxID
-$ajaxID = (string) \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('ajaxID');
+
// This is a list of requests that don't necessarily need a valid BE user
$noUserAjaxIDs = array(
'BackendLogin::login',
@@ -42,11 +41,20 @@ $noUserAjaxIDs = array(
'BackendLogin::isTimedOut',
'BackendLogin::getChallenge'
);
+
+// First get the ajaxID
+$ajaxID = isset($_POST['ajaxID']) ? $_POST['ajaxID'] : $_GET['ajaxID'];
+if (isset($ajaxID)) {
+ $ajaxID = (string)stripslashes($ajaxID);
+}
+
// If we're trying to do an ajax login, don't require a user.
if (in_array($ajaxID, $noUserAjaxIDs)) {
define('TYPO3_PROCEED_IF_NO_USER', 2);
}
+
require 'init.php';
+
// finding the script path from the variable
$ajaxScript = $TYPO3_CONF_VARS['BE']['AJAX'][$ajaxID];
// Instantiating the AJAX object
--
GitLab