[TYPO3-core] RFC: #10724: Feature: Provide a check that compare a given URL with the host, TYPO3 is running on!
Marcus Krause
marcus#exp2009 at t3sec.info
Mon Apr 6 13:14:17 CEST 2009
Martin Kutschker schrieb am 04/06/2009 01:03 PM Uhr:
> Marcus Krause schrieb:
>> Ingo Renner schrieb am 04/04/2009 11:07 AM Uhr:
>>> Martin Kutschker wrote:
>>>> Oliver Hader schrieb:
>>>>> I attached a modified version of your patch that moves the
>>>>> isAllowed-method to t3lib_div since it can be useful for situations that
>>>>> are not only in the backend. Furthermore I changed the comments and some
>>>>> formatting issues.
>>>> -1 if the name stays t3lib_div::isAllowedUrl. The name implies a check
>>>> against a list of valid urls. In fact it only checks if the given
>>>> scheme/host/port (but not the user part) of the current HTTP request is
>>>> the same.
>>> that's what came to my mind, too.
>>>
>>>> Maybe t3lib_div::cmpHost($url, $hostlist) is more in line with the
>>>> current code (see t3lib_div::cmpIP).
>>> however, I wouldn't like to go with the mistakes from the past and would
>>> therefore suggest calling the function
>>>
>>> isSameHost($url) or isSameAsExecutingHost($url) or equalsThisHost() or ...
>> Okay, I will send another patch using isSameHost(). That's the
>> "direction" it was initially intended.
>
> BTW, you what was your opinion on my remark that for the code
> http://host:80 is not equal to http://host?
$url is constructed by TYPO3 itself. If there's a port in there, it will
be available in TYPO3_REQUEST_HOST too.
In addition, your suggestion might require actual parsing of the URL
whereas current patch version is only a string matching operation.
However, feel free to provide a different solution!
Marcus.
More information about the TYPO3-team-core
mailing list