Fixed bug #10266: No user authentication for >1 TYPO3 installation under one domain...
authorChristian Kuhn <lolli@schwarzbu.ch>
Wed, 8 Apr 2009 19:48:27 +0000 (19:48 +0000)
committerChristian Kuhn <lolli@schwarzbu.ch>
Wed, 8 Apr 2009 19:48:27 +0000 (19:48 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@5301 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
misc/phpcheck/incfile.php
t3lib/class.t3lib_div.php
t3lib/class.t3lib_userauth.php
tests/t3lib/t3lib_div_testcase.php
typo3/sysext/cms/tslib/class.tslib_fe.php
typo3/sysext/install/mod/class.tx_install.php

index 198ea0f..6169c36 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-04-08  Christian Kuhn  <lolli@schwarzbu.ch>
+
+       * Fixed bug #10266: No user authentication for >1 TYPO3 installation under one domain (Thanks to Marcus Krause)
+
 2009-04-07  Christian Kuhn  <lolli@schwarzbu.ch>
 
        * Fixed bug #10737: Add xmlns attribute to html tag in backend
index 5fe3932..e159ff3 100755 (executable)
@@ -4,10 +4,10 @@ if (1==0 || ($_SERVER['REMOTE_ADDR']!='127.0.0.1'))   {
        die('In the source distribution of TYPO3, this script is disabled by a die() function call.<br/><b>Fix:</b> Open the file misc/phpcheck/incfile.php and remove/out-comment the line that outputs this message!');
 }
 
-SetCookie('test_script_cookie', 'Cookie Value!', 0, '/');
-
 include('../../t3lib/class.t3lib_div.php');
 
+SetCookie('test_script_cookie', 'Cookie Value!', 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
+
 error_reporting (E_ALL ^ E_NOTICE);
 
 define("TYPO3_OS", stristr(PHP_OS,"win")&&!stristr(PHP_OS,"darwin")?"WIN":"");
index e0c4054..3040adf 100644 (file)
@@ -3544,6 +3544,7 @@ final class t3lib_div {
                                TYPO3_REQUEST_SCRIPT =          [scheme]://[host][:[port]][path_script]
                                TYPO3_REQUEST_DIR =             [scheme]://[host][:[port]][path_dir]
                                TYPO3_SITE_URL =                [scheme]://[host][:[port]][path_dir] of the TYPO3 website frontend
+                               TYPO3_SITE_PATH =               [path_dir] of the TYPO3 website frontend
                                TYPO3_SITE_SCRIPT =             [script / Speaking URL] of the TYPO3 website
                                TYPO3_DOCUMENT_ROOT =           Absolute path of root of documents: TYPO3_DOCUMENT_ROOT.SCRIPT_NAME = SCRIPT_FILENAME (typically)
                                TYPO3_SSL =                     Returns TRUE if this session uses SSL/TLS (https)
@@ -3713,6 +3714,9 @@ final class t3lib_div {
                                        $retVal = $siteUrl;
                                }
                        break;
+                       case 'TYPO3_SITE_PATH':
+                               $retVal = substr(t3lib_div::getIndpEnv('TYPO3_SITE_URL'), strlen(t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST')));
+                       break;
                        case 'TYPO3_SITE_SCRIPT':
                                $retVal = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'),strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
                        break;
index e11338a..d269ffc 100644 (file)
@@ -284,7 +284,7 @@ class t3lib_userAuth {
                                if ($cookieDomain)      {
                                        SetCookie($this->name, $id, 0, '/', $cookieDomain);
                                } else {
-                                       SetCookie($this->name, $id, 0, '/');
+                                       SetCookie($this->name, $id, 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
                                }
                                if ($this->writeDevLog)         t3lib_div::devLog('Set new Cookie: '.$id.($cookieDomain ? ', '.$cookieDomain : ''), 't3lib_userAuth');
                        }
@@ -296,7 +296,7 @@ class t3lib_userAuth {
                                if ($cookieDomain)      {
                                        SetCookie($this->name, $id, time()+$this->lifetime, '/', $cookieDomain);
                                } else {
-                                       SetCookie($this->name, $id, time()+$this->lifetime, '/');
+                                       SetCookie($this->name, $id, time()+$this->lifetime, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
                                }
                                if ($this->writeDevLog)         t3lib_div::devLog('Update Cookie: '.$id.($cookieDomain ? ', '.$cookieDomain : ''), 't3lib_userAuth');
                        }
index da57fac..35b063d 100644 (file)
@@ -120,6 +120,16 @@ class t3lib_div_testcase extends tx_phpunit_testcase {
                        t3lib_div::getBytesFromSizeMeasurement('100g')
                );
        }
+
+       /**
+        * @test
+        */
+       public function checkIndpEnvTypo3SitePathNotEmpty() {
+               $actualEnv = t3lib_div::getIndpEnv('TYPO3_SITE_PATH');
+               $this->assertTrue(strlen($actualEnv) >= 1);
+               $this->assertEquals('/', $actualEnv{0});
+               $this->assertEquals('/', $actualEnv{strlen($actualEnv) - 1});
+       }
 }
 
 ?>
\ No newline at end of file
index 3a7b983..44a2f5a 100644 (file)
@@ -1693,7 +1693,7 @@ require_once (PATH_t3lib.'class.t3lib_lock.php');
                if ($inputCode) {
 
                        if ($inputCode=='LOGOUT') {     // "log out":
-                               SetCookie('ADMCMD_prev', '', 0);
+                               SetCookie('ADMCMD_prev', '', 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
                                if ($this->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate'])     {
                                        if (@is_file(PATH_site.$this->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate'])) {
                                                $message = t3lib_div::getUrl(PATH_site.$this->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate']);
@@ -1730,7 +1730,7 @@ require_once (PATH_t3lib.'class.t3lib_lock.php');
 
                                                        // If ADMCMD_prev is set the $inputCode value cannot come from a cookie and we set that cookie here. Next time it will be found from the cookie if ADMCMD_prev is not set again...
                                                if (t3lib_div::_GP('ADMCMD_prev'))      {
-                                                       SetCookie('ADMCMD_prev', t3lib_div::_GP('ADMCMD_prev'), 0);     // Lifetime is 1 hour, does it matter much? Requires the user to click the link from their email again if it expires.
+                                                       SetCookie('ADMCMD_prev', t3lib_div::_GP('ADMCMD_prev'), 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));   // Lifetime is 1 hour, does it matter much? Requires the user to click the link from their email again if it expires.
                                                }
                                                return $previewConfig;
                                        } elseif (t3lib_div::getIndpEnv('TYPO3_SITE_URL').'index.php?ADMCMD_prev='.$inputCode === t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'))   {
index 0f7b120..e65cce9 100755 (executable)
@@ -294,7 +294,7 @@ class tx_install extends t3lib_install {
                $uKey = $_COOKIE[$this->cookie_name.'_key'];
                if (!$uKey)     {
                        $uKey = md5(uniqid(microtime()));
-                       SetCookie($this->cookie_name.'_key', $uKey, 0, '/');            // Cookie is set
+                       SetCookie($this->cookie_name.'_key', $uKey, 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));       // Cookie is set
 
                        $this->JSmessage='SECURITY:
 Make sure to protect the Install Tool with another password than "joh316".
@@ -333,7 +333,7 @@ BTW: This Install Tool will only work if cookies are accepted by your web browse
 
                if ($p && md5($p)==$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'])    {
                        $sKey = md5($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'].'|'.$uKey);
-                       SetCookie($this->cookie_name, $sKey, 0, '/');
+                       SetCookie($this->cookie_name, $sKey, 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
 
                                // Sending warning email
                        $wEmail = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];