[TYPO3-dev] Reintroducing config.baseURL = 1

Steffen Gebert steffen.gebert at typo3.org
Wed Sep 28 13:02:17 CEST 2011


Hi Stig,

> If we understand the security issue correctly, a check if
> $GLOBALS['TSFE']->domainStartPage is an INT would solve the problem.
> Then if we understand domainStartPage correctly, baseURL will only be
> set to TYPO3_SITE_URL if a sys_domain record with that domain exists.

There should be some API to get the domain for a page id. The result of 
this function should be used as base url, regardless of what is in 
HTTP_HOST.

You can't just trust on the existence of a sys_domain record, as it 
could be not the primary one (but a redirection) and it might even be 
defined for another site.

So if the API is used to determine the correct host name, I'm fine with 
this change.

Kind regards
Steffen

-- 
Steffen Gebert
TYPO3 v4 Core Team Member
TYPO3 Server Administration Team Member

TYPO3 .... inspiring people to share!
Get involved: http://typo3.org




More information about the TYPO3-dev mailing list