[TYPO3-core] Gremlin #1519: new option for lockSSL: get redirected to standard http after BE login with SSL
Bernhard Kraft
kraftb at kraftb.at
Mon Nov 14 01:40:00 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sebastian Kurfuerst wrote:
> a new mode for lockSSL is implemented, lockSSL = 3 which does what the
> user wanted.
> HTTPS-login is forced, but after login, it returns to normal mode.
Mostly a +1 but some concerns (others may think different):
Tested it and worked as expected. Checked that each frames content really comes
from the http url and not the https url like alt_main
> + $requestStr = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_SCRIPT'), strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir));
Instead of the substr construct I would rather prefer something like:
$requestStr = basename(t3lib_div::getIndpEnv('SCRIPT_FILENAME'));
And also on the other location:
> + if($requestStr == 'index.php' && !t3lib_div::getIndpEnv('TYPO3_SSL')) {
And a note to Michael: It doesn't work properly with our Password-Remember extension. You always
get a notice from Firefox that data get's sent to an unecrypted page (from the encrypted one). I
think that has to do with posting it to about:blank ...
greets,
Bernhard
- --
- ----------------------------------------------------------------------
"Freiheit ist immer auch die Freiheit des Andersdenkenden"
Rosa Luxemburg, 1871 - 1919
- ----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDd9zgIl4dkVkDMFkRAoYVAKCEQnb30ffzX/tLkdV9GKd4ng0jKQCePIUJ
fk1vhBj0ZnGEa9InWXFdeyo=
=a23M
-----END PGP SIGNATURE-----
More information about the TYPO3-team-core
mailing list