bug_7397_v4.diff

Administrator Admin, 2009-07-23 12:45

Download (16.9 KB)

View differences:

t3lib/config_default.php (working copy)
76 76
		'binPath' => '', 						// String: List of absolute paths where external programs should be searched for. Eg. '/usr/local/webbin/,/home/xyz/bin/'. (ImageMagick path have to be configured separately)
77 77
		'binSetup' => '', 						// String (textarea): List of programs (separated by newline or comma). By default programs will be searched in default paths and the special paths defined by 'binPath'. When PHP has openbasedir enabled the programs can not be found and have to be configured here. Example: 'perl=/usr/bin/perl,unzip=/usr/local/bin/unzip'
78 78
		't3lib_cs_convMethod' => '',			// String (values: "iconv", "recode", "mbstring", default is homemade PHP-code). Defines which of these PHP-features to use for various Charset conversing functions in t3lib_cs. Will speed up charset conversion radically.
79
		't3lib_cs_utils' => '',					// String (values: "iconv" - PHP 5.0 only!, "mbstring", default is homemade PHP-code). Defines which of these PHP-features to use for various Charset processing functions in t3lib_cs. Will speed up charset functions radically.
79
		't3lib_cs_utils' => '',					// String (values: "iconv", "mbstring", default is homemade PHP-code). Defines which of these PHP-features to use for various character set processing functions in t3lib_cs. Will speed up charset functions radically.
80 80
		'no_pconnect' => 0,						// Boolean: If true, "connect" is used instead of "pconnect" when connecting to the database!
81 81
		'multiplyDBfieldSize' => 1,				// Double: 1-5: Amount used to multiply the DB field size when the install tool is evaluating the database size (eg. "2.5"). This is only useful e.g. if your database is iso-8859-1 encoded but you want to use utf-8 for your site. For Western European sites using utf-8 the need should not be for more than twice the normal single-byte size (2) and for Chinese / Asian languages 3 should suffice. NOTICE: It is recommended to change the native database charset instead! (see http://wiki.typo3.org/index.php/UTF-8_support for more information)
82 82
		'setDBinit' => '',						// String (textarea): Commands to send to database right after connecting, separated by newline. Ignored by the DBAL extension except for the 'native' type!
......
89 89
		'maxFileNameLength' => 60,				// Integer, This is the maximum file name length. The value will be taken into account by basic file operations like renaming or creation of files and folders.
90 90
		'UTF8filesystem' => 0,					// Boolean: If true and [BE][forceCharset] is set to utf-8, then TYPO3 uses utf-8 to store file names. This allows for accented Latin letters as well as any other non-latin characters like Cyrillic and Chinese.
91 91
		'lockingMode' => 'simple',					// String: Define which locking mode is used to control requests to pages being generated. Can be one of either "disable" (no locking), "simple" (checks for file existance), "flock" (using PHPs flock() function), "semaphore" (using PHPs sem_acquire() function). Default is "disable".
92
		'reverseProxyIP' => '',					// String: list of IP addresses. If TYPO3 is behind one or more (intransparent) reverese proxies the IP addresses must be added here.
93
		'reverseProxyHeaderMultiValue' => 'none',		// String, "none","first","last": defines which values of a proxy header (eg HTTP_X_FORWARDED_FOR) to use, if more than one is found. "none" discards the value, "first" and "last" use the first/last of the values in the list.
94
		'reverseProxyPrefix' => '',				// String: optional prefix to be added to the internal URL (SCRIPT_NAME and REQUEST_URI).
95
		'reverseProxySSL' => '',				// String: '*' or list of IP addresses of proxies that use SSL (https) for the connection to the client, but an unencrypted connection (http) to the server. If '*' all proxies defined in SYS[reverseProxyIP] use SSL.
96
		'reverseProxyPrefixSSL' => '',				// String: prefix to be added to the internal URL (SCRIPT_NAME and REQUEST_URI) when accessing the server via an SSL proxy. This setting overrides SYS[reverseProxyPrefix].
92 97
	),
93 98
	'EXT' => Array (	// Options related to the Extension Management
94 99
		'noEdit' => 1,							// Boolean: If set, the Extension Manager does NOT allow extension files to be edited! (Otherwise both local and global extensions can be edited.)
t3lib/class.t3lib_div.php (working copy)
625 625
	 * Usage: 10
626 626
	 *
627 627
	 * @param	string		$baseIP is the current remote IP address for instance, typ. REMOTE_ADDR
628
	 * @param	string		$list is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168). If list is "*" no check is done and the function returns TRUE immediately.
628
	 * @param	string		$list is a comma-list of IP-addresses to match with. *-wildcard allowed instead of number, plus leaving out parts in the IP number is accepted as wildcard (eg. 192.168.*.* equals 192.168). If list is "*" no check is done and the function returns TRUE immediately. An empty list always returns FALSE.
629 629
	 * @return	boolean		True if an IP-mask from $list matches $baseIP
630 630
	 */
631 631
	public static function cmpIP($baseIP, $list)	{
632
		if ($list==='*')	return TRUE;
632
		$list = trim($list);
633
		if ($list === '')	{
634
			return false;
635
		} elseif ($list === '*')	{
636
			return true;
637
		}
633 638
		if (strpos($baseIP, ':') !== false && t3lib_div::validIPv6($baseIP))	{
634 639
			return t3lib_div::cmpIPv6($baseIP, $list);
635 640
		} else {
......
792 797
	}
793 798

  
794 799
	/**
800
	 * Validate a given IP address.
801
	 *
802
	 * Possible format are IPv4 and IPv6.
803
	 *
804
	 * @param	string		IP address to be tested
805
	 * @return	boolean		True if $ip is either of IPv4 or IPv6 format.
806
	 */
807
	public static function validIP($ip) {
808
		if (strpos($ip, ':') === false)	{
809
			return t3lib_div::validIPv4($ip);
810
		} else {
811
			return t3lib_div::validIPv6($ip);
812
		}
813
	}
814

  
815
	/**
816
	 * Validate a given IP address to the IPv4 address format.
817
	 *
818
	 * Example for possible format:  10.0.45.99
819
	 *
820
	 * @param	string		IP address to be tested
821
	 * @return	boolean		True if $ip is of IPv4 format.
822
	 */
823
	public static function validIPv4($ip) {
824
		$parts = explode('.', $ip);
825
		if (count($parts)==4 &&
826
			t3lib_div::testInt($parts[0]) && $parts[0]>=1 && $parts[0]<256 &&
827
			t3lib_div::testInt($parts[1]) && $parts[0]>=0 && $parts[0]<256 &&
828
			t3lib_div::testInt($parts[2]) && $parts[0]>=0 && $parts[0]<256 &&
829
			t3lib_div::testInt($parts[3]) && $parts[0]>=0 && $parts[0]<256)	{
830
			return true;
831
		} else {
832
			return false;
833
		}
834
	}
835

  
836
	/**
795 837
	 * Validate a given IP address to the IPv6 address format.
796 838
	 *
797 839
	 * Example for possible format:  43FB::BB3F:A0A0:0 | ::1
......
853 895
	 * @return	boolean		true if $item is in $list
854 896
	 */
855 897
	public static function inList($list, $item)	{
856
		return (strpos(','.$list.',', ','.$item.',')!==false ? true : false);
898
		return (strpos('>,'.$list.',', ','.$item.',') ? true : false);
857 899
	}
858 900

  
859 901
	/**
......
1051 1093
	 * @return	string		Processed input value. See function description.
1052 1094
	 */
1053 1095
	public static function dirname($path)	{
1054
		$p = t3lib_div::revExplode('/',$path,2);
1055
		return count($p)==2 ? $p[0] : '';
1096
		$p=t3lib_div::revExplode('/',$path,2);
1097
		return count($p)==2?$p[0]:'';
1056 1098
	}
1057 1099

  
1058 1100
	/**
......
1391 1433

  
1392 1434
	/**
1393 1435
	 * Converts string to uppercase
1394
	 * The function converts all Latin characters (a-z, but no accents, etc) to
1395
	 * uppercase. It is safe for all supported character sets (incl. utf-8).
1396
	 * Unlike strtoupper() it does not honour the locale.
1436
	 * The function converts all Latin characters (a-z, but no accents, etc) to 
1437
	 * uppercase. It is safe for all supported character sets (incl. utf-8). 
1438
	 * Unlike strtoupper() it does not honour the locale. 
1397 1439
	 *
1398
	 * @param   string      Input string
1440
	 * @param   string      Input string 
1399 1441
	 * @return  string      Uppercase String
1400 1442
	 */
1401 1443
	public static function strtoupper($str) {
......
1404 1446

  
1405 1447
	/**
1406 1448
	 * Converts string to lowercase
1407
	 * The function converts all Latin characters (A-Z, but no accents, etc) to
1408
	 * lowercase. It is safe for all supported character sets (incl. utf-8).
1409
	 * Unlike strtolower() it does not honour the locale.
1449
	 * The function converts all Latin characters (A-Z, but no accents, etc) to 
1450
	 * lowercase. It is safe for all supported character sets (incl. utf-8). 
1451
	 * Unlike strtolower() it does not honour the locale. 
1410 1452
	 *
1411
	 * @param	string		Input string
1453
	 * @param	string		Input string 
1412 1454
	 * @return	string		Lowercase String
1413 1455
	 */
1414 1456
	public static function strtolower($str)	{
......
3188 3230
			Special extras:
3189 3231
				TYPO3_HOST_ONLY =		[host] = 192.168.1.4
3190 3232
				TYPO3_PORT =			[port] = 8080 (blank if 80, taken from host value)
3191
				TYPO3_REQUEST_HOST = 	[scheme]://[host][:[port]]
3233
				TYPO3_REQUEST_HOST = 		[scheme]://[host][:[port]]
3192 3234
				TYPO3_REQUEST_URL =		[scheme]://[host][:[port]][path]?[query] (scheme will by default be "http" until we can detect something different)
3193
				TYPO3_REQUEST_SCRIPT =  [scheme]://[host][:[port]][path_script]
3235
				TYPO3_REQUEST_SCRIPT =  	[scheme]://[host][:[port]][path_script]
3194 3236
				TYPO3_REQUEST_DIR =		[scheme]://[host][:[port]][path_dir]
3195 3237
				TYPO3_SITE_URL = 		[scheme]://[host][:[port]][path_dir] of the TYPO3 website frontend
3196
				TYPO3_SITE_SCRIPT = 	[script / Speaking URL] of the TYPO3 website
3197
				TYPO3_DOCUMENT_ROOT =	Absolute path of root of documents: TYPO3_DOCUMENT_ROOT.SCRIPT_NAME = SCRIPT_FILENAME (typically)
3198
				TYPO3_SSL = 			Returns TRUE if this session uses SSL (HTTPS)
3238
				TYPO3_SITE_SCRIPT = 		[script / Speaking URL] of the TYPO3 website
3239
				TYPO3_DOCUMENT_ROOT =		Absolute path of root of documents: TYPO3_DOCUMENT_ROOT.SCRIPT_NAME = SCRIPT_FILENAME (typically)
3240
				TYPO3_SSL = 			Returns TRUE if this session uses SSL/TLS (https)
3241
				TYPO3_PROXY = 			Returns TRUE if this session runs over a well known proxy
3199 3242

  
3200 3243
			Notice: [fragment] is apparently NEVER available to the script!
3201 3244

  
......
3214 3257
		switch ((string)$getEnvName)	{
3215 3258
			case 'SCRIPT_NAME':
3216 3259
				$retVal = (php_sapi_name()=='cgi'||php_sapi_name()=='cgi-fcgi')&&($_SERVER['ORIG_PATH_INFO']?$_SERVER['ORIG_PATH_INFO']:$_SERVER['PATH_INFO']) ? ($_SERVER['ORIG_PATH_INFO']?$_SERVER['ORIG_PATH_INFO']:$_SERVER['PATH_INFO']) : ($_SERVER['ORIG_SCRIPT_NAME']?$_SERVER['ORIG_SCRIPT_NAME']:$_SERVER['SCRIPT_NAME']);
3260
					// add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
3261
				if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
3262
					if (t3lib_div::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
3263
						$retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'].$retVal;
3264
					} elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
3265
						$retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'].$retVal;
3266
					}
3267
				}
3217 3268
			break;
3218 3269
			case 'SCRIPT_FILENAME':
3219 3270
				$retVal = str_replace('//','/', str_replace('\\','/', (php_sapi_name()=='cgi'||php_sapi_name()=='isapi' ||php_sapi_name()=='cgi-fcgi')&&($_SERVER['ORIG_PATH_TRANSLATED']?$_SERVER['ORIG_PATH_TRANSLATED']:$_SERVER['PATH_TRANSLATED'])? ($_SERVER['ORIG_PATH_TRANSLATED']?$_SERVER['ORIG_PATH_TRANSLATED']:$_SERVER['PATH_TRANSLATED']):($_SERVER['ORIG_SCRIPT_FILENAME']?$_SERVER['ORIG_SCRIPT_FILENAME']:$_SERVER['SCRIPT_FILENAME'])));
......
3226 3277
				} elseif (!$_SERVER['REQUEST_URI'])	{	// This is for ISS/CGI which does not have the REQUEST_URI available.
3227 3278
					$retVal = '/'.ereg_replace('^/','',t3lib_div::getIndpEnv('SCRIPT_NAME')).
3228 3279
						($_SERVER['QUERY_STRING']?'?'.$_SERVER['QUERY_STRING']:'');
3229
				} else $retVal = $_SERVER['REQUEST_URI'];
3280
				} else {
3281
					$retVal = $_SERVER['REQUEST_URI'];
3282
				}
3283
					// add a prefix if TYPO3 is behind a proxy: ext-domain.com => int-server.com/prefix
3284
				if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
3285
					if (t3lib_div::getIndpEnv('TYPO3_SSL') && $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL']) {
3286
						$retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefixSSL'].$retVal;
3287
					} elseif ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix']) {
3288
						$retVal = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyPrefix'].$retVal;
3289
					}
3290
				}
3230 3291
			break;
3231 3292
			case 'PATH_INFO':
3232 3293
					// $_SERVER['PATH_INFO']!=$_SERVER['SCRIPT_NAME'] is necessary because some servers (Windows/CGI) are seen to set PATH_INFO equal to script_name
3233 3294
					// Further, there must be at least one '/' in the path - else the PATH_INFO value does not make sense.
3234 3295
					// IF 'PATH_INFO' never works for our purpose in TYPO3 with CGI-servers, then 'php_sapi_name()=='cgi'' might be a better check. Right now strcmp($_SERVER['PATH_INFO'],t3lib_div::getIndpEnv('SCRIPT_NAME')) will always return false for CGI-versions, but that is only as long as SCRIPT_NAME is set equal to PATH_INFO because of php_sapi_name()=='cgi' (see above)
3235 3296
//				if (strcmp($_SERVER['PATH_INFO'],t3lib_div::getIndpEnv('SCRIPT_NAME')) && count(explode('/',$_SERVER['PATH_INFO']))>1)	{
3236
				if (php_sapi_name()!='cgi'&&php_sapi_name()!='cgi-fcgi')	{
3297
				if (php_sapi_name()!='cgi' && php_sapi_name()!='cgi-fcgi')	{
3237 3298
					$retVal = $_SERVER['PATH_INFO'];
3238 3299
				}
3239 3300
			break;
3301
			case 'TYPO3_REV_PROXY':
3302
				$retVal = t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP']);
3303
			break;
3304
			case 'REMOTE_ADDR':
3305
				$retVal = $_SERVER['REMOTE_ADDR'];
3306
				if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
3307
					$ip = t3lib_div::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
3308
						// choose which IP in list to use
3309
					if (count($ip)) {
3310
						switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
3311
							case 'last':
3312
								$ip = array_pop($ip);
3313
							break;
3314
							case 'first':
3315
								$ip = array_unshift($ip);
3316
							break;
3317
							case 'none':
3318
							default:
3319
								$ip = '';
3320
							break;
3321
						}
3322
					}
3323
					if (t3lib_div::validIP($ip)) {
3324
						$retVal = $ip;
3325
					}
3326
				}
3327
			break;
3328
			case 'HTTP_HOST':
3329
				$retVal = $_SERVER['HTTP_HOST'];
3330
				if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'])) {
3331
					$host = t3lib_div::trimExplode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
3332
						// choose which host in list to use
3333
					if (count($host)) {
3334
						switch ($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue']) {
3335
							case 'last':
3336
								$host = array_pop($host);
3337
							break;
3338
							case 'first':
3339
								$host = array_unshift($host);
3340
							break;
3341
							case 'none':
3342
							default:
3343
								$host = '';
3344
							break;
3345
						}
3346
					}
3347
					if ($host)	{
3348
						$retVal = $host;
3349
					}
3350
				}
3351
			break;
3240 3352
				// These are let through without modification
3241
			case 'REMOTE_ADDR':
3242
			case 'REMOTE_HOST':
3243 3353
			case 'HTTP_REFERER':
3244
			case 'HTTP_HOST':
3245 3354
			case 'HTTP_USER_AGENT':
3246 3355
			case 'HTTP_ACCEPT_ENCODING':
3247 3356
			case 'HTTP_ACCEPT_LANGUAGE':
3357
			case 'REMOTE_HOST':
3248 3358
			case 'QUERY_STRING':
3249 3359
				$retVal = $_SERVER[$getEnvName];
3250 3360
			break;
......
3265 3375
				$retVal = $DR;
3266 3376
			break;
3267 3377
			case 'TYPO3_HOST_ONLY':
3268
				$p = explode(':',$_SERVER['HTTP_HOST']);
3378
				$p = explode(':',t3lib_div::getIndpEnv('HTTP_HOST'));
3269 3379
				$retVal = $p[0];
3270 3380
			break;
3271 3381
			case 'TYPO3_PORT':
3272
				$p = explode(':',$_SERVER['HTTP_HOST']);
3382
				$p = explode(':',t3lib_div::getIndpEnv('HTTP_HOST'));
3273 3383
				$retVal = $p[1];
3274 3384
			break;
3275 3385
			case 'TYPO3_REQUEST_HOST':
3276 3386
				$retVal = (t3lib_div::getIndpEnv('TYPO3_SSL') ? 'https://' : 'http://').
3277
					$_SERVER['HTTP_HOST'];
3387
					t3lib_div::getIndpEnv('HTTP_HOST');
3278 3388
			break;
3279 3389
			case 'TYPO3_REQUEST_URL':
3280 3390
				$retVal = t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST').t3lib_div::getIndpEnv('REQUEST_URI');
......
3298 3408
				$retVal = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'),strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
3299 3409
			break;
3300 3410
			case 'TYPO3_SSL':
3301
				$retVal = $_SERVER['SSL_SESSION_ID'] || !strcmp($_SERVER['HTTPS'],'on') || !strcmp($_SERVER['HTTPS'],'1') ? TRUE : FALSE;	// see http://bugs.typo3.org/view.php?id=3909
3411
				$proxySSL = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL']);
3412
				if ($proxySSL == '*') {
3413
					$proxySSL = $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'];
3414
				}
3415
				if (t3lib_div::cmpIP($_SERVER['REMOTE_ADDR'], $proxySSL))	{
3416
					$retVal = true;
3417
				} else {
3418
					$retVal = $_SERVER['SSL_SESSION_ID'] || !strcmp($_SERVER['HTTPS'],'on') || !strcmp($_SERVER['HTTPS'],'1') ? true : false;	// see http://bugs.typo3.org/view.php?id=3909
3419
				}
3302 3420
			break;
3303 3421
			case '_ARRAY':
3304 3422
				$out = array();
......
3318 3436
					TYPO3_SITE_URL,
3319 3437
					TYPO3_SITE_SCRIPT,
3320 3438
					TYPO3_SSL,
3439
					TYPO3_REV_PROXY,
3321 3440
					SCRIPT_NAME,
3322 3441
					TYPO3_DOCUMENT_ROOT,
3323 3442
					SCRIPT_FILENAME,