[TYPO3-core] RFC: allow access from private nets

Martin Kutschker Martin.Kutschker at n0spam-blackbox.net
Thu Jun 8 09:38:41 CEST 2006


Michael Stucki wrote:
>>
>>Has the installer access to t3lib? If so, it could read the file. If it
>>finds IP ranges in it (like SYS[devIPmask]) it could verify the client's IP
>>address against it. If no IP is found all addresses are allowed.
> 
> 
> typo3/init.php is loaded at the very end of that script with the constant
> TYPO3_enterInstallScript being set. I didn't dig further into this but
> think that we cannot use any other classes at this stage...

I see.

>>Why did you change the "1==0" comparison to "1==2"? IMHO this can be
>>removed. Those who know PHP may change the code the way they like.
> 
> I removed it during testing and added it again at the end. No special reason
> for replacing 0 with 2. However, I suggest to keep it because this offers
> all possibilities for those mass-hosters like before (e.g. set 1==1 and the
> die() will always appear, or vice versa comment out the die() to make sure
> that it will never appear).

But those mass hosters can change the code however they like. I reckon the 
1==0 => 1==1 check is meant as a convenience feature. You have to change 
only one character instead of say adding 4 (eg "1 || ").

It doesn't hurt but is IMHO pointless code.

>>We could add those mask to the debug IP range:
>>
>>SYS[devIPmask] = '10.*,72.16.*,192.168.*,127.0.0.1'
> 
> Is it really useful to add any addresses besides localhost anyway? This
> default value makes the debug() function unusable for intranets! 

Intranets are a good point. But then we should change it to '127.0.0.1' 
without any other nets.

> (and btw. I don't know where else these private nets are being used...)

In the code or in the real life? The company I work for uses 10.*.

> Instead of extending it, I suggest to shorten it to 127.0.0.1 but finally
> add "::1" (IPv6 pendant of 127.0.0.1).

You have convinced me, +1

Masi
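
The mask discussion above, as an added example that is not part of the original mail and not TYPO3's own matching code: ipMatchesMask() is a hypothetical helper showing how the wide list quoted in the thread lets any 10.* intranet client pass the check, while the shortened '127.0.0.1,::1' list admits only loopback. The client addresses are constructed samples.

```php
<?php
// Added illustration, not TYPO3 code. ipMatchesMask() is a hypothetical helper.
// IPv4 entries may use "*" for whole octets ("10.*" covers 10.0.0.0/8);
// entries without "*" are compared in binary form, so "::1" also matches
// "0:0:0:0:0:0:0:1". An empty list or an unparsable address matches nothing.
function ipMatchesMask(string $ip, string $maskList): bool
{
    $ipBin = @inet_pton($ip);
    if ($ipBin === false) {
        return false; // fail closed on garbage input
    }
    $octets = strlen($ipBin) === 4 ? explode('.', inet_ntop($ipBin)) : null;

    foreach (explode(',', $maskList) as $mask) {
        $mask = trim($mask);
        if ($mask === '') {
            continue;
        }
        if (strpos($mask, '*') === false) {
            if (@inet_pton($mask) === $ipBin) {
                return true;
            }
            continue;
        }
        if ($octets === null) {
            continue; // wildcard entries are treated as IPv4-only in this example
        }
        $parts = array_pad(explode('.', $mask), 4, '*');
        if (count($parts) !== 4) {
            continue; // malformed entry, ignore it
        }
        $hit = true;
        foreach ($parts as $i => $part) {
            if ($part !== '*' && $part !== $octets[$i]) {
                $hit = false;
                break;
            }
        }
        if ($hit) {
            return true;
        }
    }
    return false;
}

$wide   = '10.*,72.16.*,192.168.*,127.0.0.1'; // value as quoted in the thread
$narrow = '127.0.0.1,::1';                    // value proposed in the thread
// Constructed sample clients: loopback (v4, v6 short and long form), intranet, public.
foreach (['127.0.0.1', '::1', '0:0:0:0:0:0:0:1', '10.1.2.3', '203.0.113.9'] as $client) {
    printf("%-16s wide=%s narrow=%s\n", $client,
        var_export(ipMatchesMask($client, $wide), true),
        var_export(ipMatchesMask($client, $narrow), true));
}
```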


