2005-11-11 Sebastian Kurfuerst <sebastian@garbage-group.de>
authorSebastian Kurfürst <sebastian.kurfuerst@typo3.org>
Sat, 12 Nov 2005 00:23:15 +0000 (00:23 +0000)
committerSebastian Kurfürst <sebastian.kurfuerst@typo3.org>
Sat, 12 Nov 2005 00:23:15 +0000 (00:23 +0000)
* New feature #1519: new option for lockSSL: get redirected to
standard http after BE login with SSL
* Fixed bug #1624: Copying of a file in the same folder in the
"Filelist" module dosen't work
* Feature request #1706: add "save + close" button in RTE wizard

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@857 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_clipboard.php
t3lib/class.t3lib_tsfebeuserauth.php
t3lib/class.t3lib_userauth.php
t3lib/config_default.php
typo3/init.php
typo3/wizard_rte.php

index 2c2fdac..f38fe39 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,14 @@
+2005-11-11  Sebastian Kurfuerst  <sebastian@garbage-group.de>
+
+       * New feature #1519: new option for lockSSL: get redirected to standard http after BE login with SSL
+       * Fixed bug #1624: Copying of a file in the same folder in the "Filelist" module dosen't work
+       * Feature request #1706: add "save + close" button in RTE wizard
+
 2005-11-09  Rupert Germann  <rupi@gmx.li>
 
        * fix for function getBorderAttr: closes bugs 1360 and 1461
 
-2005-11-09     Sebastian Kurfuerst     <sebastian@garbage-group.de>
+2005-11-09  Sebastian Kurfuerst  <sebastian@garbage-group.de>
 
        * New feature #1577: display clickmenus with XMLHTTP / ajax
        * Fixed bug 1066: Shortcut to a invisible page leads to a frontend error
@@ -12,7 +18,7 @@
        * Made TCEForms put <label> tags around icons for moving/deleting repetitive Flexform items
        * Removed annoying feature of typo3/tab.js to focus the textarea
 
-2005-11-08     Sebastian Kurfuerst     <sebastian@garbage-group.de>
+2005-11-08  Sebastian Kurfuerst  <sebastian@garbage-group.de>
 
        * Fixed bug #586: User Admin can't create new user
        * Fixed bug #1293: TCAdefaults.pages.doktype is not recognized by the wizard "Create new pages"
index 7034d17..32a906c 100755 (executable)
@@ -970,7 +970,7 @@ class t3lib_clipboard {
                        // Traverse elements and make CMD array
                reset($elements);
                while(list($tP,$path)=each($elements))  {
-                       $FILE[$mode][]=array('data'=>$path,'target'=>$pUid);
+                       $FILE[$mode][]=array('data'=>$path,'target'=>$pUid,'altName'=>1);
                        if ($mode=='move')      $this->removeElement($tP);
                }
                $this->endClipboard();
index d1c8c7a..7251bb6 100755 (executable)
@@ -653,7 +653,7 @@ class t3lib_tsfeBeUserAuth extends t3lib_beUserAuth {
                // **********************
                // Check SSL (https)
                // **********************
-               if (intval($TYPO3_CONF_VARS['BE']['lockSSL']))  {
+               if (intval($TYPO3_CONF_VARS['BE']['lockSSL']) && $TYPO3_CONF_VARS['BE']['lockSSL'] != 3)        {
                        if (!t3lib_div::getIndpEnv('TYPO3_SSL'))        {
                                return FALSE;
                        }
index 2957374..e5390ef 100755 (executable)
@@ -496,6 +496,13 @@ class t3lib_userAuth {
                        if ($this->writeDevLog && $activeLogin)         t3lib_div::devLog('User '.$tempuser[$this->username_column].' logged in from '.t3lib_div::getIndpEnv('REMOTE_ADDR').' ('.t3lib_div::getIndpEnv('REMOTE_HOST').')', 't3lib_userAuth', -1);
                        if ($this->writeDevLog && !$activeLogin)        t3lib_div::devLog('User '.$tempuser[$this->username_column].' authenticated from '.t3lib_div::getIndpEnv('REMOTE_ADDR').' ('.t3lib_div::getIndpEnv('REMOTE_HOST').')', 't3lib_userAuth', -1);
 
+                       if($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] == 3 && $this->user_table == 'be_users')        {
+                               $requestStr = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_SCRIPT'), strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir));
+                               if($requestStr == 'alt_main.php' && t3lib_div::getIndpEnv('TYPO3_SSL')) {
+                                       list(,$url) = explode('://',t3lib_div::getIndpEnv('TYPO3_SITE_URL'),2);
+                                       header('Location: http://'.$url.TYPO3_mainDir.'alt_main.php');
+                               }
+                       }
 
                } elseif ($activeLogin OR count($tempuserArr)) {
                        $this->loginFailure = TRUE;
index ab5974a..2692d6d 100755 (executable)
@@ -117,7 +117,7 @@ $TYPO3_CONF_VARS = Array(
                'sessionTimeout' => 3600,                               // Integer, seconds. Session time out for backend users. Default is 3600 seconds = 1 hour.
                'IPmaskList' => '',                                             // String. Lets you define a list of IP-numbers (with *-wildcards) that are the ONLY ones allowed access to ANY backend activity. On error an error header is sent and the script exits. Works like IP masking for users configurable through TSconfig. See syntax for that (or look up syntax for the function t3lib_div::cmpIP())
                'lockBeUserToDBmounts' => 1,                    // Boolean. If set, the backend user is allowed to work only within his page-mount. It's advisable to leave this on because it makes security easy to manage.
-               'lockSSL' => 0,                                                 // Int. 0,1,2: If set (1+2), the backend can only be operated from an ssl-encrypted connection (https). Set to 2 you will be redirected to the https admin-url supposed to be the http-url, but with https scheme instead.
+               'lockSSL' => 0,                                                 // Int. 0,1,2,3: If set (1+2+3), the backend can only be operated from an ssl-encrypted connection (https). Set to 2 you will be redirected to the https admin-url supposed to be the http-url, but with https scheme instead. If set to 3, only the login is forced to SSL, then the user switches back to non-SSL-mode
                'enabledBeUserIPLock' => 1,                             // Boolean. If set, the User/Group TSconfig option 'option.lockToIP' is enabled.
                'loginSecurityLevel' => '',                             // String. Keywords that determines the security level of login to the backend. "normal" means the password from the login form is sent in clear-text, "challenged" means the password is not sent but hashed with some other values, "superchallenged" (default) means the password is first hashed before being hashed with the challenge values again (means the password is stored as a hashed string in the database also). DO NOT CHANGE this value manually; without an alternative authentication service it will only prevent logins in TYPO3 since the "superchallenged" method is hardcoded in the default authentication system.
                'adminOnly' => 0,                                               // Int. If set (>=1), the only "admin" users can log in to the backend. If "<=-1" then the backend is totally shut down! For maintenance purposes.
index 87da97e..758df79 100755 (executable)
@@ -181,8 +181,14 @@ if (trim($TYPO3_CONF_VARS['BE']['IPmaskList']))    {
 // Check SSL (https)
 // **********************
 if (intval($TYPO3_CONF_VARS['BE']['lockSSL'])) {
-       if (!t3lib_div::getIndpEnv('TYPO3_SSL'))        {
-               if ($TYPO3_CONF_VARS['BE']['lockSSL']==2)       {
+       if ($TYPO3_CONF_VARS['BE']['lockSSL'] == 3)     {
+               $requestStr = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_SCRIPT'), strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir));
+               if($requestStr == 'index.php' && !t3lib_div::getIndpEnv('TYPO3_SSL'))   {
+                       list(,$url) = explode('://',t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'),2);
+                       header('Location: https://'.$url);
+               }
+       } elseif (!t3lib_div::getIndpEnv('TYPO3_SSL') ) {
+               if ($TYPO3_CONF_VARS['BE']['lockSSL'] == 2)     {
                        list(,$url) = explode('://',t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir,2);
                        header('Location: https://'.$url);      // Just point us away from here...
                } else {
index 82937f7..7172d3d 100755 (executable)
@@ -206,6 +206,8 @@ class SC_wizard_rte {
                                        '<img'.t3lib_iconWorks::skinImg($this->doc->backPath,'gfx/savedokshow.gif','width="21" height="16"').' class="c-inputButton" title="'.$LANG->sL('LLL:EXT:lang/locallang_core.php:rm.saveDocShow',1).'" alt="" />'.
                                        '</a>';
                        }
+                               // Save/Close:
+                       $toolBarButtons[] = '<input type="image" class="c-inputButton" onclick="'.htmlspecialchars('document.editform.redirect.value=\''.$closeUrl.'\'; TBE_EDITOR_checkAndDoSubmit(1); return false;').'" name="_saveandclosedok"'.t3lib_iconWorks::skinImg($this->doc->backPath,'gfx/saveandclosedok.gif','').' title="'.$LANG->sL('LLL:EXT:lang/locallang_core.php:rm.saveCloseDoc',1).'" />';
                                // Close:
                        $toolBarButtons[]=
                                        '<a href="#" onclick="'.htmlspecialchars('jumpToUrl(unescape(\''.rawurlencode($closeUrl).'\')); return false;').'">'.