[TYPO3-core] RFC #5442: Feature: HTTPS port number in lockSSL redirect should be configurable
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Tue Feb 19 23:28:03 CET 2008
Christopher Hlubek schrieb:
> This is an SVN patch request.
>
> Type: New feature
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=5442
>
> Branches:
> trunk
>
> Problem:
> Securing backend access for multiple TYPO3 webs with SSL in virtual
> hosting environments with limited ip addresses is only possible using
> different HTTPS ports. But the lockSSL option itself does only a
> redirect from http://{$url} to https://{$url} , which doesn't allow to
> change to a custom HTTPS port on redirect.
>
> Solution:
> A new configuration option $TYPO3_CONF_VARS['BE']['lockSSLPort'] that
> adds the HTTPS port to the url used for redirect with lockSSL.
The change in t3lib_userauth is a bit simple minded. You should remove
the port only from the host name part (everything between // and the
first /), not from the complete URL.
Otherwise +1 from reading (must be changed before committing!), Even if
"list($host,$path) = explode('/',$url,2)" would have been a bit more
elegant than the repeated substr's.
Masi
More information about the TYPO3-team-core
mailing list