[TYPO3-team-core-v5] Getting rid of index_dev.php - please give feedback
Malte Jansen
mail at maltejansen.de
Fri Feb 27 11:03:11 CET 2009
Hi Karsten,
what about putting the context somewhere in the usersession.
Basically, if your developing or testing you could identify your self
and can switch to a certain context.
Just checking a certain URL is not enough for the context.
Here is an article [1] (German) about employees having access to company
servers/accounts after leaving the company. So just having the URL is
not enough, disabling a user additonally is an easy job to deny access
for certain people.
Cheers,
Malte
[1]
http://www.pcwelt.de/start/sicherheit/backup/news/194421/jeder_zweite_mitarbeiter_klaut_firmendaten_nach_kuendigung/index.html
Karsten Dambekalns schrieb:
> Hi.
>
> Currently we need one index.php per context. This sucks equally well for
> CLI and web access.
>
> The idea of using an environment variable came up in the past, and I
> tried that today.
>
>
> CLI - done and working
>
> For CLI usage, simply set FLOW3_CONTEXT to the name of the context, e.g.
> FLOW3_CONTEXT=Development php index.php ...
> or
> FLOW3_CONTEXT=Development ./flow3 ...
>
>
> Apache - not really a problem
>
> The line
> SetEnvIf Request_URI "^/index_dev\.php" FLOW3_CONTEXT=Development
> sets the variable, it is passed through as REDIRECT_FLOW3_CONTEXT in the
> following URL rewriting. Cool.
>
> Combine this with a slightly changed Router class (adjusting the check
> for the script name being present in route()) and it works.
>
> Question: Is there a more elegant way of embedding the context in the URL?
> Task: Keep the context in URL generated by FLOW3.
>
> Arbitrary contexts - a problem?
>
> Looking at the SetEnvIf line it becomes clear that this will not work
> for index_testing.php or index_funny.php. Adding another SetEnvIf is not
> too hard, but should it be needed?
>
> One solution could be to ucfirst() the context from the environment
> variable, then it would work if combined with a rewrite rule like
> ^(?:index(?:_([a-z]+))?.php)?(.*)$ /index.php?/$2 [E=FLOW3_CONTEXT:$1]
>
> The drawback would be that one would have to write index_development.php
>
> Is support for arbitrary contexts something we should have? Is it worth
> the trouble?
>
>
> Regards,
> Karsten
More information about the TYPO3-team-core-v5
mailing list