[TYPO3-core] Gremlin #1519: new option for lockSSL: get redirected to standard http after BE login with SSL

[Bernhard Kraft]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sebastian Kurfuerst wrote:

> a new mode for lockSSL is implemented, lockSSL = 3 which does what the
> user wanted.
> HTTPS-login is forced, but after login, it returns to normal mode.

Mostly a +1 but some concerns (others may think different):
Tested it and worked as expected. Checked that each frames content really comes
from the http url and not the https url like alt_main

> +				$requestStr = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_SCRIPT'), strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir));

Instead of the substr construct I would rather prefer something like:

$requestStr = basename(t3lib_div::getIndpEnv('SCRIPT_FILENAME'));

And also on the other location:

> +		if($requestStr == 'index.php' && !t3lib_div::getIndpEnv('TYPO3_SSL'))	{


And a note to Michael: It doesn't work properly with our Password-Remember extension. You always
get a notice from Firefox that data get's sent to an unecrypted page (from the encrypted one). I
think that has to do with posting it to about:blank ...


greets,
Bernhard
- --
- ----------------------------------------------------------------------
"Freiheit ist immer auch die Freiheit des Andersdenkenden"
Rosa Luxemburg, 1871 - 1919
- ----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDd9zgIl4dkVkDMFkRAoYVAKCEQnb30ffzX/tLkdV9GKd4ng0jKQCePIUJ
fk1vhBj0ZnGEa9InWXFdeyo=
=a23M
-----END PGP SIGNATURE-----