[TYPO3-core] RFC #5442: Feature: HTTPS port number in lockSSL redirect should be configurable
Christopher Hlubek
hlubek at networkteam.com
Wed Feb 20 20:07:08 CET 2008
Christopher Hlubek schrieb:
> Martin Kutschker schrieb:
>> Christopher Hlubek schrieb:
>>> This is an SVN patch request.
>>>
>>> Type: New feature
>>>
>>> Bugtracker references:
>>> http://bugs.typo3.org/view.php?id=5442
>>>
>>> Branches:
>>> trunk
>>>
>>> Problem:
>>> Securing backend access for multiple TYPO3 webs with SSL in virtual
>>> hosting environments with limited ip addresses is only possible using
>>> different HTTPS ports. But the lockSSL option itself does only a
>>> redirect from http://{$url} to https://{$url} , which doesn't allow
>>> to change to a custom HTTPS port on redirect.
>>>
>>> Solution:
>>> A new configuration option $TYPO3_CONF_VARS['BE']['lockSSLPort'] that
>>> adds the HTTPS port to the url used for redirect with lockSSL.
>>
>> The change in t3lib_userauth is a bit simple minded. You should remove
>> the port only from the host name part (everything between // and the
>> first /), not from the complete URL.
>>
>> Otherwise +1 from reading (must be changed before committing!), Even
>> if "list($host,$path) = explode('/',$url,2)" would have been a bit
>> more elegant than the repeated substr's.
>>
>> Masi
>
> Good point Martin,
>
> I will update the patch this evening.
>
> -Christopher
A new patch with the changes mentioned by Martin is attached.
-Christopher
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: TYPO3-lockSSLPort-4.patch
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20080220/737c2a4a/attachment.txt
More information about the TYPO3-team-core
mailing list