Fixed bug #10266: No user authentication for >1 TYPO3 installation under one domain...
authorChristian Kuhn <lolli@schwarzbu.ch>
Wed, 8 Apr 2009 19:48:14 +0000 (19:48 +0000)
committerChristian Kuhn <lolli@schwarzbu.ch>
Wed, 8 Apr 2009 19:48:14 +0000 (19:48 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@5300 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
misc/phpcheck/incfile.php
t3lib/class.t3lib_div.php
t3lib/class.t3lib_userauth.php
typo3/sysext/cms/tslib/class.tslib_fe.php
typo3/sysext/install/mod/class.tx_install.php

index ca7dadc..4a5d3c9 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-04-08  Christian Kuhn  <lolli@schwarzbu.ch>
+
+       * Fixed bug #10266: No user authentication for >1 TYPO3 installation under one domain (Thanks to Marcus Krause)
+
 2009-04-06  Stanislas Rolland  <typo3@sjbr.ca>
 
        * Follow-up to issue #10834: htmlArea RTE: IE8 now uses standard name for DOM class attribute
index 5fe3932..e159ff3 100755 (executable)
@@ -4,10 +4,10 @@ if (1==0 || ($_SERVER['REMOTE_ADDR']!='127.0.0.1'))   {
        die('In the source distribution of TYPO3, this script is disabled by a die() function call.<br/><b>Fix:</b> Open the file misc/phpcheck/incfile.php and remove/out-comment the line that outputs this message!');
 }
 
-SetCookie('test_script_cookie', 'Cookie Value!', 0, '/');
-
 include('../../t3lib/class.t3lib_div.php');
 
+SetCookie('test_script_cookie', 'Cookie Value!', 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
+
 error_reporting (E_ALL ^ E_NOTICE);
 
 define("TYPO3_OS", stristr(PHP_OS,"win")&&!stristr(PHP_OS,"darwin")?"WIN":"");
index a42c620..d2a6915 100755 (executable)
@@ -3417,6 +3417,7 @@ final class t3lib_div {
                                TYPO3_REQUEST_SCRIPT =          [scheme]://[host][:[port]][path_script]
                                TYPO3_REQUEST_DIR =             [scheme]://[host][:[port]][path_dir]
                                TYPO3_SITE_URL =                [scheme]://[host][:[port]][path_dir] of the TYPO3 website frontend
+                               TYPO3_SITE_PATH =               [path_dir] of the TYPO3 website frontend
                                TYPO3_SITE_SCRIPT =             [script / Speaking URL] of the TYPO3 website
                                TYPO3_DOCUMENT_ROOT =           Absolute path of root of documents: TYPO3_DOCUMENT_ROOT.SCRIPT_NAME = SCRIPT_FILENAME (typically)
                                TYPO3_SSL =                     Returns TRUE if this session uses SSL/TLS (https)
@@ -3586,6 +3587,9 @@ final class t3lib_div {
                                        $retVal = $siteUrl;
                                }
                        break;
+                       case 'TYPO3_SITE_PATH':
+                               $retVal = substr(t3lib_div::getIndpEnv('TYPO3_SITE_URL'), strlen(t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST')));
+                       break;
                        case 'TYPO3_SITE_SCRIPT':
                                $retVal = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'),strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
                        break;
index a05c0ce..ce49d6c 100755 (executable)
@@ -275,7 +275,7 @@ class t3lib_userAuth {
                                if ($cookieDomain)      {
                                        SetCookie($this->name, $id, 0, '/', $cookieDomain);
                                } else {
-                                       SetCookie($this->name, $id, 0, '/');
+                                       SetCookie($this->name, $id, 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
                                }
                                if ($this->writeDevLog)         t3lib_div::devLog('Set new Cookie: '.$id.($cookieDomain ? ', '.$cookieDomain : ''), 't3lib_userAuth');
                        }
@@ -287,7 +287,7 @@ class t3lib_userAuth {
                                if ($cookieDomain)      {
                                        SetCookie($this->name, $id, time()+$this->lifetime, '/', $cookieDomain);
                                } else {
-                                       SetCookie($this->name, $id, time()+$this->lifetime, '/');
+                                       SetCookie($this->name, $id, time()+$this->lifetime, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
                                }
                                if ($this->writeDevLog)         t3lib_div::devLog('Update Cookie: '.$id.($cookieDomain ? ', '.$cookieDomain : ''), 't3lib_userAuth');
                        }
index fd81993..2293b46 100755 (executable)
@@ -1649,7 +1649,7 @@ require_once (PATH_t3lib.'class.t3lib_lock.php');
                if ($inputCode) {
 
                        if ($inputCode=='LOGOUT') {     // "log out":
-                               SetCookie('ADMCMD_prev', '', 0);
+                               SetCookie('ADMCMD_prev', '', 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
                                if ($this->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate'])     {
                                        if (@is_file(PATH_site.$this->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate'])) {
                                                $message = t3lib_div::getUrl(PATH_site.$this->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate']);
@@ -1686,7 +1686,7 @@ require_once (PATH_t3lib.'class.t3lib_lock.php');
 
                                                        // If ADMCMD_prev is set the $inputCode value cannot come from a cookie and we set that cookie here. Next time it will be found from the cookie if ADMCMD_prev is not set again...
                                                if (t3lib_div::_GP('ADMCMD_prev'))      {
-                                                       SetCookie('ADMCMD_prev', t3lib_div::_GP('ADMCMD_prev'), 0);     // Lifetime is 1 hour, does it matter much? Requires the user to click the link from their email again if it expires.
+                                                       SetCookie('ADMCMD_prev', t3lib_div::_GP('ADMCMD_prev'), 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));   // Lifetime is 1 hour, does it matter much? Requires the user to click the link from their email again if it expires.
                                                }
                                                return $previewConfig;
                                        } elseif (t3lib_div::getIndpEnv('TYPO3_SITE_URL').'index.php?ADMCMD_prev='.$inputCode === t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'))   {
index bf8bf92..8ebb4b3 100755 (executable)
@@ -292,7 +292,7 @@ class tx_install extends t3lib_install {
                $uKey = $_COOKIE[$this->cookie_name.'_key'];
                if (!$uKey)     {
                        $uKey = md5(uniqid(microtime()));
-                       SetCookie($this->cookie_name.'_key', $uKey, 0, '/');            // Cookie is set
+                       SetCookie($this->cookie_name.'_key', $uKey, 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));       // Cookie is set
 
                        $this->JSmessage='SECURITY:
 Make sure to protect the Install Tool with another password than "joh316".
@@ -331,7 +331,7 @@ BTW: This Install Tool will only work if cookies are accepted by your web browse
 
                if ($p && md5($p)==$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'])    {
                        $sKey = md5($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'].'|'.$uKey);
-                       SetCookie($this->cookie_name, $sKey, 0, '/');
+                       SetCookie($this->cookie_name, $sKey, 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
 
                                // Sending warning email
                        $wEmail = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];