[TYPO3-core] RFC: #11710: Remove local loopback bypass in Install Tool Login
Stefan Geith
typo3dev2008.nospam1 at geithware.de
Fri Aug 28 12:03:26 CEST 2009
Hi Steffen,
Steffen Kamper schrieb:
> Hi,
>
> +1 by reading and testing.
>
> Anyway it's annoying for me on my local machine to be asked for file
> creation. Any suggestions for lazy devs (without patching it to 1==1)?
I'd like to have that too - already patching every install ...
Suggestion:
Additional file
'INSTALL_IP_LIST'
containing a List of IPs that may enter install-tool without further checks.
If not existing or empty file or IP not included in List:
Normal procedure as it is now ...
Implementation is simply:
...
$ipListFile = dirname($PATH_thisScript).'/typo3conf/INSTALL_IP_LIST';
$allowedIpList = file ($ipListFile);
if (!is_array($allowedIpList)) {
$allowedIpList = Array();
}
...
if (1==2 || (!in_array($_SERVER['REMOTE_ADDR'], $allowedIpList) &&
!is_file($enableInstallToolFile))) {
...
What do you think ?
/Stefan
>
> vg Steffen
> _______________________________________________
> Before posting to this list, please have a look to the posting rules
> on the following websites:
>
> http://typo3.org/teams/core/core-mailinglist-rules/
> http://typo3.org/development/bug-fixing/diff-and-patch/
> _______________________________________________
> TYPO3-team-core mailing list
> TYPO3-team-core at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-team-core
More information about the TYPO3-team-core
mailing list