Commit 895a8efe authored by Kasper Skårhøj's avatar Kasper Skårhøj

*** empty log message ***


git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@126 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 11de7304
......@@ -818,7 +818,7 @@ DB->HTML
- Basically this is an rsync/ftp sync question which requires a set of static files.
- Also a "mixed mode" concept where static files not found are server dynamically by TYPO3, but where the TYPO3 install does NOT allow backend access at all - only frontend delivery.
Two situation:
Two situations:
- Publish static for local server, using mod_rewrite to direct requests transparently (static/dynamic). So all *.html requests WILL be found, static or dynamically! (Static/Dynamic blend)
- Publish static for FTP server. All *.html requests MUST exist. (Purely static, limitations acceptable.)
......
......@@ -163,12 +163,12 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
*/
function checkLockToIP() {
global $TYPO3_CONF_VARS;
$out=1;
$out = 1;
if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock']) {
$IPList = $this->getTSConfigVal('options.lockToIP');
if (trim($IPList)) {
$baseIP = t3lib_div::getIndpEnv('REMOTE_ADDR');
$out=t3lib_div::cmpIP($baseIP, $IPList);
$out = t3lib_div::cmpIP($baseIP, $IPList);
}
}
return $out;
......
......@@ -519,6 +519,24 @@ class t3lib_parsehtml {
if (strcmp($params['removeIfEquals'],'') && !strcmp($this->caseShift($tagAttrib[0][$attr],$params['casesensitiveComp']),$this->caseShift($params['removeIfEquals'],$params['casesensitiveComp']))) {
unset($tagAttrib[0][$attr]);
}
if ($params['prefixLocalAnchors']) {
if (substr($tagAttrib[0][$attr],0,1)=='#') {
$prefix = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL');
$tagAttrib[0][$attr] = $prefix.$tagAttrib[0][$attr];
if ($params['prefixLocalAnchors']==2 && t3lib_div::isFirstPartOfStr($prefix,t3lib_div::getIndpEnv('TYPO3_SITE_URL'))) {
$tagAttrib[0][$attr] = substr($tagAttrib[0][$attr],strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
}
}
}
if ($params['prefixRelPathWith']) {
$urlParts = parse_url($tagAttrib[0][$attr]);
if (!$urlParts['scheme'] && substr($urlParts['path'],0,1)!='/') { // If it is NOT an absolute URL (by http: or starting "/")
$tagAttrib[0][$attr] = $params['prefixRelPathWith'].$tagAttrib[0][$attr];
}
}
if ($params['userFunc']) {
$tagAttrib[0][$attr] = t3lib_div::callUserFunction($params['userFunc'],$tagAttrib[0][$attr],$this);
}
}
}
$tagParts[1]=$this->compileTagAttribs($tagAttrib[0],$tagAttrib[1]);
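Review bot: The `prefixLocalAnchors` branch concatenates `t3lib_div::getIndpEnv('TYPO3_REQUEST_URL')` into the attribute value as-is, and that value comes from the incoming request, so whether quotes and angle brackets in it are encoded depends on `compileTagAttribs()`, which is outside this hunk. If that method does not encode attribute values, the prefix should be escaped before use, e.g. `$prefix = htmlspecialchars(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'));`. Separately, the three added blocks run even after the `unset($tagAttrib[0][$attr])` just above them, so with `prefixRelPathWith` or `userFunc` configured an attribute removed by `removeIfEquals` is re-created; wrapping them in `if (isset($tagAttrib[0][$attr])) { ... }` would avoid that. The enclosing method starts and ends outside the hunk.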
......
......@@ -603,6 +603,49 @@ class t3lib_tsfeBeUserAuth extends t3lib_beUserAuth {
*
****************************************************/
/**
* Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
* Used in the frontend.
*
* @return boolean Returns true if access is OK
* @see typo3/init.php, t3lib_beuserauth::backendCheckLogin()
*/
function checkBackendAccessSettingsFromInitPhp() {
global $TYPO3_CONF_VARS;
// **********************
// Check Hardcoded lock on BE:
// **********************
if ($TYPO3_CONF_VARS['BE']['adminOnly'] < 0) {
return FALSE;
}
// **********************
// Check IP
// **********************
if (trim($TYPO3_CONF_VARS['BE']['IPmaskList'])) {
if (!t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['BE']['IPmaskList'])) {
return FALSE;
}
}
// **********************
// Check SSL (https)
// **********************
if (intval($TYPO3_CONF_VARS['BE']['lockSSL'])) {
if (!$HTTP_SERVER_VARS['SSL_SESSION_ID']) {
return FALSE;
}
}
// Finally a check from t3lib_beuserauth::backendCheckLogin()
if (!$TYPO3_CONF_VARS['BE']['adminOnly'] || $this->isAdmin()) {
return TRUE;
} else return FALSE;
}
/**
* Evaluates if the Backend User has read access to the input page record.
* The evaluation is based on both read-permission and whether the page is found in one of the users webmounts. Only if both conditions are true will the function return true.
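Review bot: In `checkBackendAccessSettingsFromInitPhp()` the SSL check reads `$HTTP_SERVER_VARS['SSL_SESSION_ID']`, but only `$TYPO3_CONF_VARS` is declared global, so inside the function that array is an undefined local and the test is always empty. With `lockSSL` set the method therefore returns FALSE for every request, including genuine https ones; it fails closed, but frontend backend-user access is then never granted. The declaration should read `global $TYPO3_CONF_VARS, $HTTP_SERVER_VARS;`. The docblock could also state that the method returns FALSE when `adminOnly` is negative, when the IP mask does not match, or when `lockSSL` is set on a non-SSL request.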
......
......@@ -102,7 +102,7 @@ $TYPO3_CONF_VARS = Array(
'warning_email_addr' => '', // Email-address that will receive a warning if there has been failed logins 4 times within an hour (all users).
'warning_mode' => '', // Bit 1: If set, warning_email_addr gets a mail everytime a user logs in. Bit 2: If set, a mail is sent if an ADMIN user logs in! Other bits reserved for future options.
'IPmaskList' => '', // String. Lets you define a list of IP-numbers (with *-wildcards) that are the ONLY ones allowed access to ANY backend activity. On error an error header is sent and the script exits. Works like IP masking for users configurable through TSconfig. See syntax for that (or look up syntax for the function t3lib_div::cmpIP())
'adminOnly' => 0, // Boolean. If set, the only "admin" users can log in to the backend. For maintenance purposes.
'adminOnly' => 0, // Boolean. If set (>=1), the only "admin" users can log in to the backend. If "<=-1" then the backend is totally shut down! For maintenance purposes.
'lockBeUserToDBmounts' => 1, // Boolean. If set, the backend user is allowed to work only within his page-mount. It's advisable to leave this on because it makes security easy to manage.
'lockSSL' => 0, // Int. 0,1,2: If set (1+2), the backend can only be operated from an ssl-encrypted connection (https). Set to 2 you will be redirected to the https admin-url supposed to be the http-url, but with https scheme instead.
'disable_exec_function' => 0, // Boolean. Don't use exec() function (except for ImageMagick which is disabled by [GFX][im]=0). If set, all fileoperations are done by the default PHP-functions. This is nescessary under windows! On UNIX the system commands by exec() can be used, unless this is disabled.
......
......@@ -152,6 +152,15 @@ require_once (PATH_t3lib.'class.t3lib_iconworks.php');
require_once (PATH_t3lib.'class.t3lib_befunc.php');
require_once (PATH_t3lib.'class.t3lib_cs.php');
// **********************
// Check Hardcoded lock on BE:
// **********************
if ($TYPO3_CONF_VARS['BE']['adminOnly'] < 0) {
header('Status: 404 Not Found'); // Send Not Found header - if the webserver can make use of it...
header('Location: http://'); // Just point us away from here...
exit; // ... and exit good!
}
// **********************
// Check IP
// **********************
......
......@@ -1044,9 +1044,10 @@
// Setting these specifically (like in the init-function):
if (isset($GET_VARS['type'])) $this->type = $GET_VARS['type'];
if (isset($GET_VARS['cHash'])) $this->cHash = $GET_VARS['cHash'];
if (isset($GET_VARS['no_cache'])) $this->no_cache = $GET_VARS['no_cache'] ? 1 : 0;
if (isset($GET_VARS['jumpurl'])) $this->jumpurl = $GET_VARS['jumpurl'];
if (isset($GET_VARS['MP'])) $this->MP = $this->TYPO3_CONF_VARS['FE']['enable_mount_pids'] ? $GET_VARS['MP'] : '';
if (isset($GET_VARS['no_cache']) && $GET_VARS['no_cache']) $this->set_no_cache();
}
}
......
......@@ -177,7 +177,7 @@ if ($HTTP_COOKIE_VARS['be_typo_user']) { // If the backend cookie is set, we pr
$BE_USER->fetchGroupData();
$TSFE->beUserLogin=1;
}
if ($BE_USER->checkLockToIP()) {
if ($BE_USER->checkLockToIP() && $BE_USER->checkBackendAccessSettingsFromInitPhp()) {
$BE_USER->extInitFeAdmin();
if ($BE_USER->extAdmEnabled) {
require_once(t3lib_extMgm::extPath('lang').'lang.php');
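Review bot: `$TSFE->beUserLogin=1` is set just above the changed condition, before `checkBackendAccessSettingsFromInitPhp()` has run, so a backend session that fails the new adminOnly/IPmaskList/lockSSL checks may still be treated as logged in by the frontend. The hunk does not show an else branch, so this may already be handled outside it; if it is not, the failure path should clear the state, e.g. `} else { $BE_USER = ''; $TSFE->beUserLogin = 0; }`. A one-line comment on the condition, such as `// Same access checks typo3/init.php applies before a backend login is accepted`, would also explain why the second call is there.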
......@@ -218,7 +218,7 @@ if ($HTTP_COOKIE_VARS['be_typo_user']) { // If the backend cookie is set, we pr
}
}
if ($TSFE->forceTemplateParsing || $TSFE->displayEditIcons || $TSFE->displayFieldEditIcons) {$TSFE->set_no_cache();}
if ($TSFE->forceTemplateParsing || $TSFE->displayEditIcons || $TSFE->displayFieldEditIcons) { $TSFE->set_no_cache(); }
}
// $WEBMOUNTS = (string)($BE_USER->groupData['webmounts'])!='' ? explode(',',$BE_USER->groupData['webmounts']) : Array();
......