From c9ca950a3e4965a46e2924f05d8fb158e3ad8d08 Mon Sep 17 00:00:00 2001 From: Tomita Militaru <militarutomita@gmail.com> Date: Fri, 2 Sep 2016 13:17:17 +0200 Subject: [PATCH] [TASK] Adds notice for lockDomain option in tooltip Notice message for lockDomain option that it can be circumvented by faking HTTP_HOST Resolves: #75104 Releases: master Change-Id: I9b83ab7380123a78a2b99b8ab8127a4fcc69beb4 Reviewed-on: https://review.typo3.org/49751 Tested-by: TYPO3com <no-reply@typo3.com> Reviewed-by: Mona Muzaffar <mona.muzaffar@gmx.de> Tested-by: Mona Muzaffar <mona.muzaffar@gmx.de> Reviewed-by: Josef Glatz <josef.glatz@typo3.org> Tested-by: Josef Glatz <josef.glatz@typo3.org> Reviewed-by: Georg Ringer <georg.ringer@gmail.com> Tested-by: Georg Ringer <georg.ringer@gmail.com> --- .../Resources/Private/Language/locallang_csh_fe_groups.xlf | 2 +- .../Resources/Private/Language/locallang_csh_fe_users.xlf | 2 +- .../lang/Resources/Private/Language/locallang_csh_be_groups.xlf | 2 +- .../lang/Resources/Private/Language/locallang_csh_be_users.xlf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_groups.xlf b/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_groups.xlf index 3fe09d29cc0a..71d90ff77871 100644 --- a/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_groups.xlf +++ b/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_groups.xlf @@ -21,7 +21,7 @@ For instance if a page or content element was assigned access only by this group <source>This title will appear as the group name in the 'Access'-list in other records.</source> </trans-unit> <trans-unit id="lockToDomain.description"> - <source>Enter the host name from which the group will be available only.</source> + <source>Enter the host name from which the group will be available only. NOTICE: this is not a security feature and can be circumvented by faking HTTP_HOST.</source> </trans-unit> <trans-unit id="lockToDomain.details" xml:space="preserve"> <source>This options may be important if you have multiple websites in the same TYPO3 database but still only one main storage page for all Website users. Thus the users may log in on any of the website URLs. This may be considered a feature (having a global login as a user) or a problem (in which case you should have multiple user storages anyway). However you may wish to limit the use of a Website usergroup to a specific website and thus you don't want the group to be enabled for the user when he logs in at another URL (still from the same database of course). By entering the host name of the website here, you restrict the group to be used only from within this domain. diff --git a/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_users.xlf b/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_users.xlf index bcc6417391a5..8c32079f31d8 100644 --- a/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_users.xlf +++ b/typo3/sysext/context_help/Resources/Private/Language/locallang_csh_fe_users.xlf @@ -25,7 +25,7 @@ <source>When a user logs in he is able to view all content which is access restricted to the user <em>group(s)</em> the user is a member of. Therefore the user login primarily makes sense with regard to the member groups.</source> </trans-unit> <trans-unit id="lockToDomain.description"> - <source>Enter the host name from which the user is forced to login.</source> + <source>Enter the host name from which the user is forced to login. NOTICE: this is not a security feature and can be circumvented by faking HTTP_HOST.</source> </trans-unit> <trans-unit id="lockToDomain.details"> <source>A TYPO3 system may have multiple domains pointing to it. Therefore this option secures that users can login only from a certain host name.</source> diff --git a/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_groups.xlf b/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_groups.xlf index 26fab4f7e1d7..a1de28753a57 100644 --- a/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_groups.xlf +++ b/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_groups.xlf @@ -204,7 +204,7 @@ Examples from "Getting Started" | https://docs.typo3.org/typo3cms/GettingStarted <source>If you disable a user group all users which are members of the group will in effect not inherit any properties this group may have given them.</source> </trans-unit> <trans-unit id="lockToDomain.description"> - <source>Enter the host name from which the user is forced to login.</source> + <source>Enter the host name from which the user is forced to login. NOTICE: this is not a security feature and can be circumvented by faking HTTP_HOST.</source> </trans-unit> <trans-unit id="lockToDomain.details" xml:space="preserve"> <source>A TYPO3 system may host multiple websites on multiple domains. Therefore this option secures that users can login only from a certain host name. diff --git a/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_users.xlf b/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_users.xlf index 23747ac98f47..bfc30c47622a 100644 --- a/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_users.xlf +++ b/typo3/sysext/lang/Resources/Private/Language/locallang_csh_be_users.xlf @@ -78,7 +78,7 @@ be_groups</source> <note from="developer">This string contains an internal text, which must not be changed. Just copy the original text into the translation field. For more information have a look at the Tutorial.</note> </trans-unit> <trans-unit id="lockToDomain.description"> - <source>Enter the host name from which the user is forced to login.</source> + <source>Enter the host name from which the user is forced to login. NOTICE: this is not a security feature and can be circumvented by faking HTTP_HOST.</source> </trans-unit> <trans-unit id="lockToDomain.details"> <source>A TYPO3 system may have multiple domains pointing to it. Therefore this option secures that users can login only from a certain host name.</source> -- GitLab