[TYPO3-core] RFC: #11710: Remove local loopback bypass in Install Tool Login
Stefan Geith
typo3dev2008.nospam1 at geithware.de
Mon Aug 17 12:36:21 CEST 2009
Hi All,
Mario Rimann schrieb:
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=11710
>
> In Bug 11450 I wanted the local loopback bypass in the install tool
> login to be extended to also work with the IPv6 loopback (::1). But we
> agreed to remove this IP-address depending bypass completely.
>
> Solution:
> The attached patch just removes the condition that relies on the IP address.
Just an idea:
Couldn't we store a 'bypass-ip' in localconf ?
- If it is empty (by default) nobody can login to
install-tool _without_ the file 'ENABLE_INSTALL_TOOL'.
(Same as with removed $_SERVER['REMOTE_ADDR'])
- IF i want to bypass the 'ENABLE_INSTALL_TOOL'-check,
I could enter an IP-Address (localhost=127.0.0.1 or
a local IP=192.x.y.z or my Office-IP=123.321.x.y)
I for example change every new version of Typo3 to enable
my local IP without the 'ENABLE_INSTALL_TOOL'-File.
Would be ways better to have this in localconf.php ...
What do you think ?
/Stefan
More information about the TYPO3-team-core
mailing list