From de6aa4267aed48fa5285f3077db2a798b66673e3 Mon Sep 17 00:00:00 2001
From: Benjamin Mack <benni@typo3.org>
Date: Tue, 14 Jul 2015 23:21:27 +0200
Subject: [PATCH] [TASK] Move Backend AJAX Calls to index.php
The typo3/ajax.php entrypoint is removed in favor of
checking for ajaxID in all backend requests inside the Backend
Application.
The request object from the server is now enhanced with the
information inside the application which type is now called.
In this course, the GeneralUtility::isInternalRequestType()
is extended to return ture if no request type constant is set
due to early calls to GeneralUtility methods when building the
ServerRequest object with a Uri object.
Resolves: #68141
Releases: master
Change-Id: I27f2e4fce2007981f323d0607c2dfb0b3a17d020
Reviewed-on: http://review.typo3.org/41247
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
---
typo3/ajax.php | 6 ++++-
typo3/index.php | 2 +-
.../Classes/Http/AjaxRequestHandler.php | 10 ++++---
.../backend/Classes/Http/Application.php | 26 ++++++++++++------
.../Classes/Utility/BackendUtility.php | 2 +-
.../core/Classes/Utility/GeneralUtility.php | 4 ++-
.../master/Deprecation-68141-Typo3ajaxphp.rst | 27 +++++++++++++++++++
7 files changed, 62 insertions(+), 15 deletions(-)
create mode 100644 typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst
diff --git a/typo3/ajax.php b/typo3/ajax.php
index da750865f77f..deb9231eddc4 100644
--- a/typo3/ajax.php
+++ b/typo3/ajax.php
@@ -20,5 +20,9 @@
*/
call_user_func(function() {
$classLoader = require __DIR__ . '/contrib/vendor/autoload.php';
- (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
+ (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run(function() {
+ \TYPO3\CMS\Core\Utility\GeneralUtility::deprecationLog(
+ 'The entry point to ajax.php was moved to index.php with ajaxID given. Please use BackendUtility::getAjaxUrl(\'myAjaxKey\') to link to the AJAX Call. This script will be removed in TYPO3 CMS 8.'
+ );
+ });
});
diff --git a/typo3/index.php b/typo3/index.php
index 69514c7b1a67..c4738a9c4bb9 100644
--- a/typo3/index.php
+++ b/typo3/index.php
@@ -13,7 +13,7 @@
*/
/**
- * Login-screen of TYPO3.
+ * Main entry point for all backend-related scripts.
*
* @author Kasper Skårhøj <kasperYYYY@typo3.com>
*/
diff --git a/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php b/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
index 1b0769894f4b..b85ba120730b 100644
--- a/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
+++ b/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
@@ -20,9 +20,12 @@ use TYPO3\CMS\Core\Utility\GeneralUtility;
use Psr\Http\Message\ServerRequestInterface;
/**
- * Base class for all AJAX-related calls for the TYPO3 Backend run through typo3/ajax.php.
+ * AJAX dispatcher
+ *
+ * Main entry point for AJAX calls in the TYPO3 Backend. Based on ?ajaxId of the outside application.
* Before doing the basic BE-related set up of this request (see the additional calls on $this->bootstrap inside
* handleRequest()), some AJAX-calls can be made without a valid user, which is determined here.
+ * See $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'] and the Core APIs on how to register an AJAX call in the TYPO3 Backend.
*
* Due to legacy reasons, the actual logic is in EXT:core/Http/AjaxRequestHandler which will eventually
* be moved into this class.
@@ -117,13 +120,14 @@ class AjaxRequestHandler implements RequestHandlerInterface {
}
/**
- * This request handler can handle any backend request coming from ajax.php
+ * This request handler can handle any backend request coming from ajax.php or having
+ * a ajaxID as parameter (see Application.php in EXT:backend)
*
* @param ServerRequestInterface $request
* @return bool If the request is an AJAX backend request, TRUE otherwise FALSE
*/
public function canHandleRequest(ServerRequestInterface $request) {
- return TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_AJAX;
+ return $request->getAttribute('isAjaxRequest', FALSE);
}
/**
diff --git a/typo3/sysext/backend/Classes/Http/Application.php b/typo3/sysext/backend/Classes/Http/Application.php
index b860541aebd2..1b9a9760edea 100644
--- a/typo3/sysext/backend/Classes/Http/Application.php
+++ b/typo3/sysext/backend/Classes/Http/Application.php
@@ -15,7 +15,7 @@ namespace TYPO3\CMS\Backend\Http;
*/
use TYPO3\CMS\Core\Core\ApplicationInterface;
use TYPO3\CMS\Core\Core\Bootstrap;
-
+use TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* Entry point for the TYPO3 Backend (HTTP requests)
@@ -32,6 +32,11 @@ class Application implements ApplicationInterface {
*/
protected $entryPointPath = 'typo3/';
+ /**
+ * @var \Psr\Http\Message\ServerRequestInterface
+ */
+ protected $request;
+
/**
* All available request handlers that can handle backend requests (non-CLI)
* @var array
@@ -66,6 +71,12 @@ class Application implements ApplicationInterface {
$this->bootstrap->registerRequestHandlerImplementation($requestHandler);
}
+ $this->request = \TYPO3\CMS\Core\Http\ServerRequestFactory::fromGlobals();
+ // see below when this option is set
+ if ($GLOBALS['TYPO3_AJAX']) {
+ $this->request = $this->request->withAttribute('isAjaxRequest', TRUE);
+ }
+
$this->bootstrap->configure();
}
@@ -76,7 +87,7 @@ class Application implements ApplicationInterface {
* @return void
*/
public function run(callable $execute = NULL) {
- $this->bootstrap->handleRequest(\TYPO3\CMS\Core\Http\ServerRequestFactory::fromGlobals());
+ $this->bootstrap->handleRequest($this->request);
if ($execute !== NULL) {
if ($execute instanceof \Closure) {
@@ -99,14 +110,13 @@ class Application implements ApplicationInterface {
* Define values that are based on the current script
*/
protected function defineAdditionalEntryPointRelatedConstants() {
- $currentScript = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('SCRIPT_NAME');
+ $currentScript = GeneralUtility::getIndpEnv('SCRIPT_NAME');
- // activate "AJAX" handler when called via ajax.php
- if (substr($currentScript, -15) === '/typo3/ajax.php') {
+ // activate "AJAX" handler when called with the GET variable ajaxID
+ if (GeneralUtility::_GET('ajaxID') !== NULL) {
$GLOBALS['TYPO3_AJAX'] = TRUE;
- }
- // allow backend login to work
- if (substr($currentScript, -16) === '/typo3/index.php') {
+ } elseif (substr($currentScript, -16) === '/typo3/index.php') {
+ // allow backend login to work
define('TYPO3_PROCEED_IF_NO_USER', 1);
}
}
diff --git a/typo3/sysext/backend/Classes/Utility/BackendUtility.php b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
index 937851912b48..a56ed78e0b66 100644
--- a/typo3/sysext/backend/Classes/Utility/BackendUtility.php
+++ b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
@@ -3301,7 +3301,7 @@ class BackendUtility {
if (!empty($GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX'][$ajaxIdentifier]['csrfTokenCheck'])) {
$additionalUrlParameters['ajaxToken'] = FormProtectionFactory::get()->generateToken('ajaxCall', $ajaxIdentifier);
}
- $url = 'ajax.php?' . ltrim(GeneralUtility::implodeArrayForUrl('', ($additionalUrlParameters + $urlParameters), '', TRUE, TRUE), '&');
+ $url = 'index.php?' . ltrim(GeneralUtility::implodeArrayForUrl('', ($additionalUrlParameters + $urlParameters), '', TRUE, TRUE), '&');
if ($returnAbsoluteUrl) {
return GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $url;
} else {
diff --git a/typo3/sysext/core/Classes/Utility/GeneralUtility.php b/typo3/sysext/core/Classes/Utility/GeneralUtility.php
index 670eecfdbaa8..e929fadd028c 100755
--- a/typo3/sysext/core/Classes/Utility/GeneralUtility.php
+++ b/typo3/sysext/core/Classes/Utility/GeneralUtility.php
@@ -3559,11 +3559,13 @@ Connection: close
* We accept this risk to have the install tool always available.
* Also CLI needs to be allowed as unfortunately AbstractUserAuthentication::getAuthInfoArray()
* accesses HTTP_HOST without reason on CLI
+ * Additionally, allows requests when no REQUESTTYPE is set, which can happen quite early in the
+ * Bootstrap. See Application.php in EXT:backend/Classes/Http/.
*
* @return bool
*/
static protected function isInternalRequestType() {
- return (defined('TYPO3_REQUESTTYPE') && TYPO3_REQUESTTYPE & (TYPO3_REQUESTTYPE_INSTALL | TYPO3_REQUESTTYPE_CLI));
+ return (!defined('TYPO3_REQUESTTYPE') || (defined('TYPO3_REQUESTTYPE') && TYPO3_REQUESTTYPE & (TYPO3_REQUESTTYPE_INSTALL | TYPO3_REQUESTTYPE_CLI)));
}
/**
diff --git a/typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst
new file mode 100644
index 000000000000..1323c4a85c9a
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/master/Deprecation-68141-Typo3ajaxphp.rst
@@ -0,0 +1,27 @@
+====================================
+Deprecation: #68141 - typo3/ajax.php
+====================================
+
+Description
+===========
+
+The ajax.php entry-point has been marked as deprecation. All AJAX requests in the Backend using the Ajax API are
+not affected as they automatically use index.php.
+
+
+Impact
+======
+
+All extensions directly linking to typo3/ajax.php will throw a deprecation warning.
+
+
+Affected Installations
+======================
+
+Installations with custom extensions that call typo3/ajax.php without using proper API calls from ``BackendUtility``.
+
+
+Migration
+=========
+
+Use ``BackendUtility::getAjaxUrl()``.
--
GitLab