[TYPO3-dev] Reintroducing config.baseURL = 1
Stig Nørgaard Færch
snf at dkm.dk
Wed Sep 28 12:48:58 CEST 2011
Hi
We are investigating the possibility of reintroducing config.baseURL = 1
This setting was of security reasons removed from 3.8.1:
http://typo3.org/teams/security/security-bulletins/typo3-20051114-6/
We found this URL explaining the security problem:
http://lists.typo3.org/pipermail/typo3-dev/2009-September/037141.html
If we understand the security issue correctly, a check if
$GLOBALS['TSFE']->domainStartPage is an INT would solve the problem.
Then if we understand domainStartPage correctly, baseURL will only be
set to TYPO3_SITE_URL if a sys_domain record with that domain exists.
http://api.typo3.org/typo3v4/current/html/class_8tslib__pagegen_8php_source.html#l00119
Could that be a way to reintroduce config.baseURL = 1 ?
it could also be config.baseURL = auto
or config.baseURL = sys_domain
What do you think?
This was also sent to the Security Team.
/Stig
More information about the TYPO3-dev
mailing list