diff --git a/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_groups.xlf b/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_groups.xlf index 3fe09d29cc0a1a4fb462a5ef97f33c7b3404e64e..71d90ff77871597e97c5e4811587743842feb0de 100644 --- a/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_groups.xlf +++ b/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_groups.xlf @@ -21,7 +21,7 @@ For instance if a page or content element was assigned access only by this group <source>This title will appear as the group name in the 'Access'-list in other records.</source> </trans-unit> <trans-unit id="lockToDomain.description"> - <source>Enter the host name from which the group will be available only.</source> + <source>Enter the host name from which the group will be available only. NOTICE: this is not a security feature and can be circumvented by faking HTTP_HOST.</source> </trans-unit> <trans-unit id="lockToDomain.details" xml:space="preserve"> <source>This options may be important if you have multiple websites in the same TYPO3 database but still only one main storage page for all Website users. Thus the users may log in on any of the website URLs. This may be considered a feature (having a global login as a user) or a problem (in which case you should have multiple user storages anyway). However you may wish to limit the use of a Website usergroup to a specific website and thus you don't want the group to be enabled for the user when he logs in at another URL (still from the same database of course). By entering the host name of the website here, you restrict the group to be used only from within this domain. diff --git a/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_users.xlf b/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_users.xlf index bcc6417391a567c3b89f45fe79b532b9d3a8b5bc..8c32079f31d87a346de643aab42cf273d7c187f7 100644 --- a/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_users.xlf +++ b/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_users.xlf @@ -25,7 +25,7 @@ <source>When a user logs in he is able to view all content which is access restricted to the user <em>group(s)</em> the user is a member of. Therefore the user login primarily makes sense with regard to the member groups.</source> </trans-unit> <trans-unit id="lockToDomain.description"> - <source>Enter the host name from which the user is forced to login.</source> + <source>Enter the host name from which the user is forced to login. NOTICE: this is not a security feature and can be circumvented by faking HTTP_HOST.</source> </trans-unit> <trans-unit id="lockToDomain.details"> <source>A TYPO3 system may have multiple domains pointing to it. Therefore this option secures that users can login only from a certain host name.</source> diff --git a/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_groups.xlf b/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_groups.xlf index 26fab4f7e1d77e4887bcd4df13a6d9f1c1f09bc3..a1de28753a573fd85d20862390890ef3caee3695 100644 --- a/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_groups.xlf +++ b/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_groups.xlf @@ -204,7 +204,7 @@ Examples from "Getting Started" | https://docs.typo3.org/typo3cms/GettingStarted <source>If you disable a user group all users which are members of the group will in effect not inherit any properties this group may have given them.</source> </trans-unit> <trans-unit id="lockToDomain.description"> - <source>Enter the host name from which the user is forced to login.</source> + <source>Enter the host name from which the user is forced to login. NOTICE: this is not a security feature and can be circumvented by faking HTTP_HOST.</source> </trans-unit> <trans-unit id="lockToDomain.details" xml:space="preserve"> <source>A TYPO3 system may host multiple websites on multiple domains. Therefore this option secures that users can login only from a certain host name. diff --git a/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_users.xlf b/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_users.xlf index 23747ac98f472e672ecc953424b32cf76f788d1a..bfc30c47622a7d49213e90daf0ace8710fb04016 100644 --- a/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_users.xlf +++ b/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_users.xlf @@ -78,7 +78,7 @@ be_groups</source> <note from="developer">This string contains an internal text, which must not be changed. Just copy the original text into the translation field. For more information have a look at the Tutorial.</note> </trans-unit> <trans-unit id="lockToDomain.description"> - <source>Enter the host name from which the user is forced to login.</source> + <source>Enter the host name from which the user is forced to login. NOTICE: this is not a security feature and can be circumvented by faking HTTP_HOST.</source> </trans-unit> <trans-unit id="lockToDomain.details"> <source>A TYPO3 system may have multiple domains pointing to it. Therefore this option secures that users can login only from a certain host name.</source>