diff --git a/typo3/ajax.php b/typo3/ajax.php
index da750865f77f7930f41a1ad50335f6aacd8242af..deb9231eddc4e3980f3b0c302e9afedf66214da8 100644
--- a/typo3/ajax.php
+++ b/typo3/ajax.php
@@ -20,5 +20,9 @@
*/
call_user_func(function() {
$classLoader = require __DIR__ . '/contrib/vendor/autoload.php';
- (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
+ (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run(function() {
+ \TYPO3\CMS\Core\Utility\GeneralUtility::deprecationLog(
+ 'The entry point to ajax.php was moved to index.php with ajaxID given. Please use BackendUtility::getAjaxUrl(\'myAjaxKey\') to link to the AJAX Call. This script will be removed in TYPO3 CMS 8.'
+ );
+ });
});
diff --git a/typo3/index.php b/typo3/index.php
index 69514c7b1a674b9f06f10293476740378d390d65..c4738a9c4bb93323c3ad4055e4d57bff7ca6a1aa 100644
--- a/typo3/index.php
+++ b/typo3/index.php
@@ -13,7 +13,7 @@
*/
/**
- * Login-screen of TYPO3.
+ * Main entry point for all backend-related scripts.
*
* @author Kasper Skårhøj <kasperYYYY@typo3.com>
*/
diff --git a/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php b/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
index 1b0769894f4b5a2a76a0f6183fa237e8dadb47b0..b85ba120730b4e50f7ccf8b0016818587e9421b1 100644
--- a/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
+++ b/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
@@ -20,9 +20,12 @@ use TYPO3\CMS\Core\Utility\GeneralUtility;
use Psr\Http\Message\ServerRequestInterface;
/**
- * Base class for all AJAX-related calls for the TYPO3 Backend run through typo3/ajax.php.
+ * AJAX dispatcher
+ *
+ * Main entry point for AJAX calls in the TYPO3 Backend. Based on ?ajaxId of the outside application.
* Before doing the basic BE-related set up of this request (see the additional calls on $this->bootstrap inside
* handleRequest()), some AJAX-calls can be made without a valid user, which is determined here.
+ * See $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'] and the Core APIs on how to register an AJAX call in the TYPO3 Backend.
*
* Due to legacy reasons, the actual logic is in EXT:core/Http/AjaxRequestHandler which will eventually
* be moved into this class.
@@ -117,13 +120,14 @@ class AjaxRequestHandler implements RequestHandlerInterface {
}
/**
- * This request handler can handle any backend request coming from ajax.php
+ * This request handler can handle any backend request coming from ajax.php or having
+ * a ajaxID as parameter (see Application.php in EXT:backend)
*
* @param ServerRequestInterface $request
* @return bool If the request is an AJAX backend request, TRUE otherwise FALSE
*/
public function canHandleRequest(ServerRequestInterface $request) {
- return TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_AJAX;
+ return $request->getAttribute('isAjaxRequest', FALSE);
}
/**
diff --git a/typo3/sysext/backend/Classes/Http/Application.php b/typo3/sysext/backend/Classes/Http/Application.php
index b860541aebd282fba4ba4279a5e17a042f85d81b..1b9a9760edea028db030ccc664939c39c40a1311 100644
--- a/typo3/sysext/backend/Classes/Http/Application.php
+++ b/typo3/sysext/backend/Classes/Http/Application.php
@@ -15,7 +15,7 @@ namespace TYPO3\CMS\Backend\Http;
*/
use TYPO3\CMS\Core\Core\ApplicationInterface;
use TYPO3\CMS\Core\Core\Bootstrap;
-
+use TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* Entry point for the TYPO3 Backend (HTTP requests)
@@ -32,6 +32,11 @@ class Application implements ApplicationInterface {
*/
protected $entryPointPath = 'typo3/';
+ /**
+ * @var \Psr\Http\Message\ServerRequestInterface
+ */
+ protected $request;
+
/**
* All available request handlers that can handle backend requests (non-CLI)
* @var array
@@ -66,6 +71,12 @@ class Application implements ApplicationInterface {
$this->bootstrap->registerRequestHandlerImplementation($requestHandler);
}
+ $this->request = \TYPO3\CMS\Core\Http\ServerRequestFactory::fromGlobals();
+ // see below when this option is set
+ if ($GLOBALS['TYPO3_AJAX']) {
+ $this->request = $this->request->withAttribute('isAjaxRequest', TRUE);
+ }
+
$this->bootstrap->configure();
}
@@ -76,7 +87,7 @@ class Application implements ApplicationInterface {
* @return void
*/
public function run(callable $execute = NULL) {
- $this->bootstrap->handleRequest(\TYPO3\CMS\Core\Http\ServerRequestFactory::fromGlobals());
+ $this->bootstrap->handleRequest($this->request);
if ($execute !== NULL) {
if ($execute instanceof \Closure) {
@@ -99,14 +110,13 @@ class Application implements ApplicationInterface {
* Define values that are based on the current script
*/
protected function defineAdditionalEntryPointRelatedConstants() {
- $currentScript = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('SCRIPT_NAME');
+ $currentScript = GeneralUtility::getIndpEnv('SCRIPT_NAME');
- // activate "AJAX" handler when called via ajax.php
- if (substr($currentScript, -15) === '/typo3/ajax.php') {
+ // activate "AJAX" handler when called with the GET variable ajaxID
+ if (GeneralUtility::_GET('ajaxID') !== NULL) {
$GLOBALS['TYPO3_AJAX'] = TRUE;
- }
- // allow backend login to work
- if (substr($currentScript, -16) === '/typo3/index.php') {
+ } elseif (substr($currentScript, -16) === '/typo3/index.php') {
+ // allow backend login to work
define('TYPO3_PROCEED_IF_NO_USER', 1);
}
}
diff --git a/typo3/sysext/backend/Classes/Utility/BackendUtility.php b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
index 937851912b48aabd4dc0a80262bea45ab2c752fc..a56ed78e0b66122774ab811cb123d339ae18ab0d 100644
--- a/typo3/sysext/backend/Classes/Utility/BackendUtility.php
+++ b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
@@ -3301,7 +3301,7 @@ class BackendUtility {
if (!empty($GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxIdentifier]['csrfTokenCheck'])) {
$additionalUrlParameters['ajaxToken'] = FormProtectionFactory::get()->generateToken('ajaxCall', $ajaxIdentifier);
}
- $url = 'ajax.php?' . ltrim(GeneralUtility::implodeArrayForUrl('', ($additionalUrlParameters + $urlParameters), '', TRUE, TRUE), '&');
+ $url = 'index.php?' . ltrim(GeneralUtility::implodeArrayForUrl('', ($additionalUrlParameters + $urlParameters), '', TRUE, TRUE), '&');
if ($returnAbsoluteUrl) {
return GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $url;
} else {
diff --git a/typo3/sysext/core/Classes/Utility/GeneralUtility.php b/typo3/sysext/core/Classes/Utility/GeneralUtility.php
index 670eecfdbaa8a898ab8de96783c3353e13834112..e929fadd028cc2b1cb7092f7d9f66712dd7af4bb 100755
--- a/typo3/sysext/core/Classes/Utility/GeneralUtility.php
+++ b/typo3/sysext/core/Classes/Utility/GeneralUtility.php
@@ -3559,11 +3559,13 @@ Connection: close
* We accept this risk to have the install tool always available.
* Also CLI needs to be allowed as unfortunately AbstractUserAuthentication::getAuthInfoArray()
* accesses HTTP_HOST without reason on CLI
+ * Additionally, allows requests when no REQUESTTYPE is set, which can happen quite early in the
+ * Bootstrap. See Application.php in EXT:backend/Classes/Http/.
*
* @return bool
*/
static protected function isInternalRequestType() {
- return (defined('TYPO3_REQUESTTYPE') && TYPO3_REQUESTTYPE & (TYPO3_REQUESTTYPE_INSTALL | TYPO3_REQUESTTYPE_CLI));
+ return (!defined('TYPO3_REQUESTTYPE') || (defined('TYPO3_REQUESTTYPE') && TYPO3_REQUESTTYPE & (TYPO3_REQUESTTYPE_INSTALL | TYPO3_REQUESTTYPE_CLI)));
}
/**
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst
new file mode 100644
index 0000000000000000000000000000000000000000..1323c4a85c9a05ed7ecc157647e92846c771f7d8
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst
@@ -0,0 +1,27 @@
+====================================
+Deprecation: #68141 - typo3/ajax.php
+====================================
+
+Description
+===========
+
+The ajax.php entry-point has been marked as deprecation. All AJAX requests in the Backend using the Ajax API are
+not affected as they automatically use index.php.
+
+
+Impact
+======
+
+All extensions directly linking to typo3/ajax.php will throw a deprecation warning.
+
+
+Affected Installations
+======================
+
+Installations with custom extensions that call typo3/ajax.php without using proper API calls from ``BackendUtility``.
+
+
+Migration
+=========
+
+Use ``BackendUtility::getAjaxUrl()``.