[TYPO3-core] RFC #5442: Feature: HTTPS port number in lockSSL redirect should be configurable
Christopher Hlubek
hlubek at networkteam.com
Wed Feb 20 17:37:30 CET 2008
Martin Kutschker schrieb:
> Christopher Hlubek schrieb:
>> This is an SVN patch request.
>>
>> Type: New feature
>>
>> Bugtracker references:
>> http://bugs.typo3.org/view.php?id=5442
>>
>> Branches:
>> trunk
>>
>> Problem:
>> Securing backend access for multiple TYPO3 webs with SSL in virtual
>> hosting environments with limited ip addresses is only possible using
>> different HTTPS ports. But the lockSSL option itself does only a
>> redirect from http://{$url} to https://{$url} , which doesn't allow to
>> change to a custom HTTPS port on redirect.
>>
>> Solution:
>> A new configuration option $TYPO3_CONF_VARS['BE']['lockSSLPort'] that
>> adds the HTTPS port to the url used for redirect with lockSSL.
>
> The change in t3lib_userauth is a bit simple minded. You should remove
> the port only from the host name part (everything between // and the
> first /), not from the complete URL.
>
> Otherwise +1 from reading (must be changed before committing!), Even if
> "list($host,$path) = explode('/',$url,2)" would have been a bit more
> elegant than the repeated substr's.
>
> Masi
Good point Martin,
I will update the patch this evening.
-Christopher
More information about the TYPO3-team-core
mailing list