[TYPO3-core] RFC #15379: Bug: Don't break BE session IP locking on IPv6 client
Wiel, J.A.M. van de
j.a.m.v.d.wiel at tue.nl
Sun Aug 8 17:28:21 CEST 2010
This is an SVN patch request.
Type: Bugfix
Bugtracker references:
http://bugs.typo3.org/view.php?id=15379
Branches:
TYPO3_4-4 & trunk
Problem:
The IP lock of a BE session assumes IPv4 and its 4 octets for splitting into parts. Obviously this won't fly with valid IPv6 client addresses since they don't have the 4 octets separated by dots.
Solution:
My patch uses the core API to check whether the client has a valid IPv6 address. If so, it just ignores the parts < 4 bit and returns the address thereby locking the BE session to the client's specific IPv6 address.
Notes:
To really do this cleanly, there should be a proper IPv6 aware implementation of BE session locking and something like a 'lock to prefix' which would make a lot more sense in an IPv6 context than the current 'parts'. I'm not sufficiently up to speed on core development to rework this part entirely without breaking things elsewhere.
Best regards,
Bas
More information about the TYPO3-team-core
mailing list