Commit 2feb47b8 authored by Kasper Skårhøj's avatar Kasper Skårhøj

* Added Bernhard Krafts security improvement for server validated challenge value.
* Added "Esperanto" as language - now we are at 41 backend languages.
* Made a change to how cache-control headers are sent. Thanks to Ole Tange, FI, Denmark


git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@592 709f56b5-9817-0410-a4d7-c38de5d9e867
parent b54b40db
2005-04-01 Kasper Skårhøj,,, <kasper@typo3.com>
* Added Bernhard Krafts security improvement for server validated challenge value.
* Added "Esperanto" as language - now we are at 41 backend languages.
* Made a change to how cache-control headers are sent. Thanks to Ole Tange, FI, Denmark
2005-04-01 Michael Stucki <michael@typo3.org>
* Display empty tag contents in the backend (e.g. <link email@hostname.com></link>)
......
......@@ -105,7 +105,7 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
var $auth_timeout_field = 6000; // if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
var $lifetime = 0; // 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
var $challengeStoredInCookie = TRUE;
// User Config:
......
......@@ -446,6 +446,7 @@ class t3lib_cs {
'ca' => 'iso-8859-15',
'ba' => 'iso-8859-2',
'kr' => 'euc-kr',
'eo' => 'utf-8',
);
// TYPO3 specific: Array with the iso names used for each system language in TYPO3:
......
......@@ -143,6 +143,7 @@ class t3lib_userAuth {
var $forceSetCookie=0; // Will force the session cookie to be set everytime (lifetime must be 0)
var $dontSetCookie=0; // Will prevent the setting of the session cookie (takes precedence over forceSetCookie)
var $challengeStoredInCookie=0; // If set, the challenge value will be stored in a session as well so the server can check that is was not forged.
/**
......@@ -311,6 +312,15 @@ class t3lib_userAuth {
switch ($this->security_level) {
case 'superchallenged': // If superchallenged the password in the database ($tempuser[$this->userident_column]) must be a md5-hash of the original password.
case 'challenged':
if ($this->challengeStoredInCookie) {
session_start();
if ($_SESSION['login_challenge'] !== $F_chalvalue) {
$this->logoff();
return 'login';
}
}
if (!strcmp($F_uident,md5($tempuser[$this->username_column].':'.$tempuser[$this->userident_column].':'.$F_chalvalue))) {
$OK = true;
};
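Review bot: The challenge read from `$_SESSION['login_challenge']` in the added `challengeStoredInCookie` branch is never cleared there, so the same value appears to stay valid for later login attempts in that session. Making it single-use closes that window: copy it to a local, call `unset($_SESSION['login_challenge']);`, then compare. Because the test is `!==`, a request with no session value and no submitted challenge may compare NULL to NULL and pass, depending on how `$F_chalvalue` is populated outside this hunk. Adding `empty($_SESSION['login_challenge']) ||` to the condition would rule that out. The enclosing method starts and ends outside the hunk.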
......
......@@ -258,7 +258,7 @@ define('TYPO3_extTableDef_script', $typo_db_extTableDef_script);
// - Kickstarter wizard (ext/kickstarter/modfunc1/class.tx_kickstarter_wizard.php)
// - Add character encoding for lang key in t3lib/class.t3lib_cs.php
// - Add "csh_[key]" language pack and setup all core ll-XML scripts to point to XML files inside of that.
define('TYPO3_languages', 'default|dk|de|no|it|fr|es|nl|cz|pl|si|fi|tr|se|pt|ru|ro|ch|sk|lt|is|hr|hu|gl|th|gr|hk|eu|bg|br|et|ar|he|ua|lv|jp|vn|ca|ba|kr');
define('TYPO3_languages', 'default|dk|de|no|it|fr|es|nl|cz|pl|si|fi|tr|se|pt|ru|ro|ch|sk|lt|is|hr|hu|gl|th|gr|hk|eu|bg|br|et|ar|he|ua|lv|jp|vn|ca|ba|kr|eo');
// Unsetting the configured values. Use of these are depreciated.
unset($typo_db);
......
......@@ -287,6 +287,7 @@ $TCA['be_users'] = Array (
Array('Danish', 'dk'),
Array('Dutch', 'nl'),
Array('Estonian', 'et'),
Array('Esperanto', 'eo'),
Array('Finnish', 'fi'),
Array('French', 'fr'),
Array('German', 'de'),
......
......@@ -205,12 +205,16 @@ class SC_index {
// Ending form:
$this->content.= '
<input type="hidden" name="userident" value="" />
<input type="hidden" name="challenge" value="'.md5(uniqid('')).'" />
<input type="hidden" name="challenge" value="'.($challenge = md5(uniqid('').getmypid())).'" />
<input type="hidden" name="redirect_url" value="'.htmlspecialchars($this->redirectToURL).'" />
<input type="hidden" name="loginRefresh" value="'.htmlspecialchars($this->loginRefresh).'" />
'.$this->interfaceSelector_hidden.'
';
// Save challenge value in session data (thanks to Bernhard Kraft for providing code):
session_start();
$_SESSION['login_challenge'] = $challenge;
// This moves focus to the right input field:
$this->content.=$TBE_TEMPLATE->wrapScriptTags('
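Review bot: The new value on the `name="challenge"` line is still built only from `uniqid('')` and `getmypid()`, i.e. the clock and a process id, so it is guessable rather than random. Now that the server treats this value as proof that it issued the login form, it should come from an unpredictable source: at minimum mix in `mt_rand()`, and use a CSPRNG such as `random_bytes()` where the PHP version provides one. Separately, `session_start()` is called unconditionally in this hunk, so every render of the login form opens a PHP session even if `challengeStoredInCookie` is off. The assignment hidden inside the string concatenation is also easy to miss; computing `$challenge` on its own line before building the markup would read better. The enclosing method continues outside the hunk.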
......
......@@ -2620,8 +2620,10 @@ if (version == "n3") {
$headers = array(
#'Last-Modified: '.gmdate('D, d M Y H:i:s T', $this->register['SYS_LASTCHANGED']),
#'ETag: '.md5($this->content),
'Cache-Control: no-cache',
'Pragma: no-cache',
#'Cache-Control: no-cache',
#'Pragma: no-cache',
'Cache-Control: private', // Changed to this according to Ole Tange, FI.dk
);
$this->isClientCachable = FALSE;
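Review bot: In the branch that sets `$this->isClientCachable = FALSE`, replacing `Cache-Control: no-cache` and `Pragma: no-cache` with `Cache-Control: private` keeps shared proxies out but now lets the browser store the response. If this branch covers pages rendered for logged-in users (not visible in the hunk), a cached copy could remain readable on a shared machine after logout. If the goal is only to stop proxy caching, `'Cache-Control: private, no-store',` or `'Cache-Control: private, no-cache',` would keep the old guarantee. Otherwise the inline comment should state why browser caching is acceptable here rather than only crediting the source.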
......
......@@ -53,6 +53,7 @@
<label index="lang_ca">Catalan</label>
<label index="lang_ba">Bosnian</label>
<label index="lang_kr">Korean</label>
<label index="lang_eo">Esperanto</label>
<label index="default">Default</label>
<label index="simulate">Simulate backend user</label>
<label index="opening">Startup</label>
......