From 895a8efe41a488f478b5ae770774f59da8c44b7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Sk=C3=A5rh=C3=B8j?= <kasper@typo3.org>
Date: Fri, 30 Jan 2004 15:30:01 +0000
Subject: [PATCH] *** empty log message ***
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@126 709f56b5-9817-0410-a4d7-c38de5d9e867
---
 TODO.txt | 2 +-
 t3lib/class.t3lib_beuserauth.php | 4 +--
 t3lib/class.t3lib_parsehtml.php | 18 ++++++++++
 t3lib/class.t3lib_tsfebeuserauth.php | 43 +++++++++++++++++++++++
 t3lib/config_default.php | 2 +-
 typo3/init.php | 9 +++++
 typo3/sysext/cms/tslib/class.tslib_fe.php | 3 +-
 typo3/sysext/cms/tslib/index_ts.php | 4 +--
 8 files changed, 78 insertions(+), 7 deletions(-)
diff --git a/TODO.txt b/TODO.txt
index 224af4d00911..88bbc99f7f3d 100755
--- a/TODO.txt
+++ b/TODO.txt
@@ -818,7 +818,7 @@ DB->HTML
 - Basically this is an rsync/ftp sync question which requires a set of static files.
 - Also a "mixed mode" concept where static files not found are server dynamically by TYPO3, but where the TYPO3 install does NOT allow backend access at all - only frontend delivery.
-Two situation:
+Two situations:
 - Publish static for local server, using mod_rewrite to direct requests transparently (static/dynamic). So all *.html requests WILL be found, static or dynamically! (Static/Dynamic blend)
 - Publish static for FTP server. All *.html requests MUST exist. (Purely static, limitations acceptable.)
diff --git a/t3lib/class.t3lib_beuserauth.php b/t3lib/class.t3lib_beuserauth.php
index aad517a057fa..52e0dbefcfb5 100644
--- a/t3lib/class.t3lib_beuserauth.php
+++ b/t3lib/class.t3lib_beuserauth.php
@@ -163,12 +163,12 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
 */
 function checkLockToIP() {
 global $TYPO3_CONF_VARS;
- $out=1;
+ $out = 1;
 if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock']) {
 $IPList = $this->getTSConfigVal('options.lockToIP');
 if (trim($IPList)) {
 $baseIP = t3lib_div::getIndpEnv('REMOTE_ADDR');
- $out=t3lib_div::cmpIP($baseIP, $IPList);
+ $out = t3lib_div::cmpIP($baseIP, $IPList);
 }
 }
 return $out;
diff --git a/t3lib/class.t3lib_parsehtml.php b/t3lib/class.t3lib_parsehtml.php
index 3a16b83c631f..b5d5420567fe 100644
--- a/t3lib/class.t3lib_parsehtml.php
+++ b/t3lib/class.t3lib_parsehtml.php
@@ -519,6 +519,24 @@ class t3lib_parsehtml {
 if (strcmp($params['removeIfEquals'],'') && !strcmp($this->caseShift($tagAttrib[0][$attr],$params['casesensitiveComp']),$this->caseShift($params['removeIfEquals'],$params['casesensitiveComp']))) {
 unset($tagAttrib[0][$attr]);
 }
+ if ($params['prefixLocalAnchors']) {
+ if (substr($tagAttrib[0][$attr],0,1)=='#') {
+ $prefix = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL');
+ $tagAttrib[0][$attr] = $prefix.$tagAttrib[0][$attr];
+ if ($params['prefixLocalAnchors']==2 && t3lib_div::isFirstPartOfStr($prefix,t3lib_div::getIndpEnv('TYPO3_SITE_URL'))) {
+ $tagAttrib[0][$attr] = substr($tagAttrib[0][$attr],strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
+ }
+ }
+ }
+ if ($params['prefixRelPathWith']) {
+ $urlParts = parse_url($tagAttrib[0][$attr]);
+ if (!$urlParts['scheme'] && substr($urlParts['path'],0,1)!='/') { // If it is NOT an absolute URL (by http: or starting "/")
+ $tagAttrib[0][$attr] = $params['prefixRelPathWith'].$tagAttrib[0][$attr];
+ }
+ }
+ if ($params['userFunc']) {
+ $tagAttrib[0][$attr] = t3lib_div::callUserFunction($params['userFunc'],$tagAttrib[0][$attr],$this);
+ }
 }
 }
 $tagParts[1]=$this->compileTagAttribs($tagAttrib[0],$tagAttrib[1]);
diff --git a/t3lib/class.t3lib_tsfebeuserauth.php b/t3lib/class.t3lib_tsfebeuserauth.php
index 7d412d685403..210f819b6277 100755
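Review bot: In the new `prefixRelPathWith` branch, `parse_url()` returns false for a value it cannot parse, and the following line then indexes that boolean, so `!$urlParts['scheme']` is true and the malformed value is silently prefixed; test the return value first, `if (is_array($urlParts) && !$urlParts['scheme'] && substr($urlParts['path'],0,1)!='/') {`. The `prefixLocalAnchors` branch splices `TYPO3_REQUEST_URL`, which presumably carries the client's request path and query string, into an attribute value; unless `compileTagAttribs()` (not visible here) quotes and escapes attribute values, a crafted request URL would land in the generated markup unescaped, which is worth confirming before this ships. A comment above the `userFunc` call saying that the callable name comes from integrator configuration, not from the processed HTML, would also save the next reader a detour. The attribute loop this code sits in begins before the hunk.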
--- a/t3lib/class.t3lib_tsfebeuserauth.php
+++ b/t3lib/class.t3lib_tsfebeuserauth.php
@@ -603,6 +603,49 @@ class t3lib_tsfeBeUserAuth extends t3lib_beUserAuth {
 *
 ****************************************************/
+ /**
+ * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
+ * Used in the frontend.
+ *
+ * @return boolean Returns true if access is OK
+ * @see typo3/init.php, t3lib_beuserauth::backendCheckLogin()
+ */
+ function checkBackendAccessSettingsFromInitPhp() {
+ global $TYPO3_CONF_VARS;
+
+ // **********************
+ // Check Hardcoded lock on BE:
+ // **********************
+ if ($TYPO3_CONF_VARS['BE']['adminOnly'] < 0) {
+ return FALSE;
+ }
+
+ // **********************
+ // Check IP
+ // **********************
+ if (trim($TYPO3_CONF_VARS['BE']['IPmaskList'])) {
+ if (!t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['BE']['IPmaskList'])) {
+ return FALSE;
+ }
+ }
+
+
+ // **********************
+ // Check SSL (https)
+ // **********************
+ if (intval($TYPO3_CONF_VARS['BE']['lockSSL'])) {
+ if (!$HTTP_SERVER_VARS['SSL_SESSION_ID']) {
+ return FALSE;
+ }
+ }
+
+ // Finally a check from t3lib_beuserauth::backendCheckLogin()
+ if (!$TYPO3_CONF_VARS['BE']['adminOnly'] || $this->isAdmin()) {
+ return TRUE;
+ } else return FALSE;
+ }
+
+
 /**
 * Evaluates if the Backend User has read access to the input page record.
 * The evaluation is based on both read-permission and whether the page is found in one of the users webmounts. Only if both conditions are true will the function return true.
diff --git a/t3lib/config_default.php b/t3lib/config_default.php
index 60be67f73858..01436019fb91 100755
--- a/t3lib/config_default.php
+++ b/t3lib/config_default.php
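Review bot: The SSL check reads `$HTTP_SERVER_VARS['SSL_SESSION_ID']` inside a method, but only `$TYPO3_CONF_VARS` is declared global; `$HTTP_SERVER_VARS` is a long array, not a superglobal, so in function scope it is undefined and the `lockSSL` branch returns FALSE on every request, https ones included. Either extend the declaration, `global $TYPO3_CONF_VARS, $HTTP_SERVER_VARS;`, or read the superglobal `$_SERVER['SSL_SESSION_ID']`. Note that this variable is only set when the web server exports the SSL environment (Apache needs `SSLOptions +StdEnvVars`), so on other setups the lock fails closed even over https; presumably the same holds for the check in init.php this mirrors. Since the method duplicates init.php's logic rather than sharing it, the docblock should say explicitly that the two must be kept in sync, e.g. `* Any check added to typo3/init.php must be added here as well, or the frontend admin panel will bypass it.`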
@@ -102,7 +102,7 @@ $TYPO3_CONF_VARS = Array(
 'warning_email_addr' => '', // Email-address that will receive a warning if there has been failed logins 4 times within an hour (all users).
 'warning_mode' => '', // Bit 1: If set, warning_email_addr gets a mail everytime a user logs in. Bit 2: If set, a mail is sent if an ADMIN user logs in! Other bits reserved for future options.
 'IPmaskList' => '', // String. Lets you define a list of IP-numbers (with *-wildcards) that are the ONLY ones allowed access to ANY backend activity. On error an error header is sent and the script exits. Works like IP masking for users configurable through TSconfig. See syntax for that (or look up syntax for the function t3lib_div::cmpIP())
- 'adminOnly' => 0, // Boolean. If set, the only "admin" users can log in to the backend. For maintenance purposes.
+ 'adminOnly' => 0, // Boolean. If set (>=1), the only "admin" users can log in to the backend. If "<=-1" then the backend is totally shut down! For maintenance purposes.
 'lockBeUserToDBmounts' => 1, // Boolean. If set, the backend user is allowed to work only within his page-mount. It's advisable to leave this on because it makes security easy to manage.
 'lockSSL' => 0, // Int. 0,1,2: If set (1+2), the backend can only be operated from an ssl-encrypted connection (https). Set to 2 you will be redirected to the https admin-url supposed to be the http-url, but with https scheme instead.
 'disable_exec_function' => 0, // Boolean. Don't use exec() function (except for ImageMagick which is disabled by [GFX][im]=0). If set, all fileoperations are done by the default PHP-functions. This is nescessary under windows! On UNIX the system commands by exec() can be used, unless this is disabled.
diff --git a/typo3/init.php b/typo3/init.php
index 85300436064c..0211ef46c61e 100755
--- a/typo3/init.php
+++ b/typo3/init.php
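Review bot: The comment still calls `adminOnly` a Boolean while the new text describes three states and the code added elsewhere in this commit compares it with `< 0`, so it is now an integer with a sign convention; I would write `// Integer. 0: all backend users may log in. >=1: only "admin" users can log in to the backend. <=-1: the backend is shut down completely. For maintenance purposes.` (this also fixes the "the only" typo). "Totally shut down" is slightly more than this diff shows: the -1 lock is enforced in typo3/init.php and in the frontend admin-panel check, which covers the visible entry points but is worth stating precisely in the comment so nobody relies on it for something it does not cover.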
@@ -152,6 +152,15 @@ require_once (PATH_t3lib.'class.t3lib_iconworks.php');
 require_once (PATH_t3lib.'class.t3lib_befunc.php');
 require_once (PATH_t3lib.'class.t3lib_cs.php');
+// **********************
+// Check Hardcoded lock on BE:
+// **********************
+if ($TYPO3_CONF_VARS['BE']['adminOnly'] < 0) {
+ header('Status: 404 Not Found'); // Send Not Found header - if the webserver can make use of it...
+ header('Location: http://'); // Just point us away from here...
+ exit; // ... and exit good!
+}
+
 // **********************
 // Check IP
 // **********************
diff --git a/typo3/sysext/cms/tslib/class.tslib_fe.php b/typo3/sysext/cms/tslib/class.tslib_fe.php
index 25789ed018b0..af5386436c0e 100755
--- a/typo3/sysext/cms/tslib/class.tslib_fe.php
+++ b/typo3/sysext/cms/tslib/class.tslib_fe.php
@@ -1044,9 +1044,10 @@
 // Setting these specifically (like in the init-function):
 if (isset($GET_VARS['type'])) $this->type = $GET_VARS['type'];
 if (isset($GET_VARS['cHash'])) $this->cHash = $GET_VARS['cHash'];
- if (isset($GET_VARS['no_cache'])) $this->no_cache = $GET_VARS['no_cache'] ? 1 : 0;
 if (isset($GET_VARS['jumpurl'])) $this->jumpurl = $GET_VARS['jumpurl'];
 if (isset($GET_VARS['MP'])) $this->MP = $this->TYPO3_CONF_VARS['FE']['enable_mount_pids'] ? $GET_VARS['MP'] : '';
+
+ if (isset($GET_VARS['no_cache']) && $GET_VARS['no_cache']) $this->set_no_cache();
 }
 }
diff --git a/typo3/sysext/cms/tslib/index_ts.php b/typo3/sysext/cms/tslib/index_ts.php
index 0521031671a4..3cfbda95e381 100755
--- a/typo3/sysext/cms/tslib/index_ts.php
+++ b/typo3/sysext/cms/tslib/index_ts.php
@@ -177,7 +177,7 @@ if ($HTTP_COOKIE_VARS['be_typo_user']) { // If the backend cookie is set, we pr
 $BE_USER->fetchGroupData();
 $TSFE->beUserLogin=1;
 }
- if ($BE_USER->checkLockToIP()) {
+ if ($BE_USER->checkLockToIP() && $BE_USER->checkBackendAccessSettingsFromInitPhp()) {
 $BE_USER->extInitFeAdmin();
 if ($BE_USER->extAdmEnabled) {
 require_once(t3lib_extMgm::extPath('lang').'lang.php');
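Review bot: `header('Location: http://')` redirects to something that is not a valid absolute URI, and PHP turns a Location header into a 302 unless a 3xx or 201 status is already in place; as far as I know only CGI-style SAPIs translate a `Status:` header into a real response code, so under mod_php the client most likely receives a broken 302 rather than the intended 404. Sending the status line directly and dropping the Location header works on every SAPI: `header('HTTP/1.0 404 Not Found'); exit;`. A 503 would describe a maintenance lock more honestly, but 404 hides the backend's existence, which seems to be the point, so keep it and say so in the comment.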
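Review bot: Replacing the assignment with `set_no_cache()` also changes what an explicit `no_cache=0` does: the removed line reset `$this->no_cache` to 0 in that case, while the new line leaves any earlier value untouched, so the URL can no longer re-enable caching that another mechanism switched off. If that is intended, which seems likely, record it above the line: `// Only a truthy no_cache disables the cache; no_cache=0 never re-enables it.` It is also worth a second comment line that this is a client-supplied GET parameter, so whatever `set_no_cache()` does (presumably forcing a full render) can be triggered by anyone on every request, and a configuration gate, if one is ever wanted, belongs here. The enclosing method starts before the hunk.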
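Review bot: The new `checkBackendAccessSettingsFromInitPhp()` call only gates `extInitFeAdmin()`, but `$BE_USER->fetchGroupData()` has already run and `$TSFE->beUserLogin=1` is already set three lines above, and neither is reverted when the check fails; a backend user reaching the frontend from an address outside `IPmaskList`, or while `adminOnly` is -1, is therefore still treated as logged in for everything except the admin panel (what `beUserLogin` unlocks is not visible here, but it presumably includes previewing). To match init.php, which refuses the request outright, either move the combined check ahead of `fetchGroupData()` or add an else branch that undoes the login, `} else { $TSFE->beUserLogin = 0; }`, plus whatever the rest of index_ts.php expects for a rejected BE user (unsetting `$BE_USER`, if it is consulted later). The `if ($HTTP_COOKIE_VARS['be_typo_user'])` block this sits in starts before the hunk.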
@@ -218,7 +218,7 @@ if ($HTTP_COOKIE_VARS['be_typo_user']) { // If the backend cookie is set, we pr
 }
 }
- if ($TSFE->forceTemplateParsing || $TSFE->displayEditIcons || $TSFE->displayFieldEditIcons) {$TSFE->set_no_cache();}
+ if ($TSFE->forceTemplateParsing || $TSFE->displayEditIcons || $TSFE->displayFieldEditIcons) { $TSFE->set_no_cache(); }
 }
 // $WEBMOUNTS = (string)($BE_USER->groupData['webmounts'])!='' ? explode(',',$BE_USER->groupData['webmounts']) : Array();
--
GitLab