Project

General

Profile

Feature #18172 » 0007461.patch

Administrator Admin, 2009-09-16 22:56

View differences:

t3lib/config_default.php (Arbeitskopie)
'compat_version' => '3.8', // Compatibility version. TYPO3 behavior will try to be compatible with the output from the TYPO3 version set here. It is recommended to change this setting with the Upgrade Wizard.
'encryptionKey' => '', // This is a "salt" used for various kinds of encryption, CRC checksums and validations. You can enter any rubbish string here but try to keep it secret. You should notice that a change to this value might invalidate temporary information, URLs etc. At least, clear all cache if you change this so any such information can be rebuild with the new key.
'cookieDomain' => '', // When setting the value to ".example.com" (replace example.com with your domain!), login sessions will be shared across subdomains. Alternatively, if you have more than one domain with sub-domains, you can set the value to a regular expression to match against the domain of the HTTP request. The result of the match is used as the domain for the cookie. eg. /\.(example1|example2)\.com$/ or /\.(example1\.com)|(example2\.net)$/
'cookieSecure' => 1, // Boolean: Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When enabled, the cookie will only be set if a secure (HTTPS) connection exists.
'cookieHttpOnly' => 0, // Boolean: When enabled the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).
'doNotCheckReferer' => 0, // Boolean. If set, it's NOT checked numerous places that the refering host is the same as the current. This is an option you should set if you have problems with proxies not passing the HTTP_REFERER variable.
'recursiveDomainSearch' => 0, // Boolean. If set, the search for domain records will be done recursively by stripping parts of the host name off until a matching domain record is found.
'devIPmask' => '127.0.0.1,::1', // Defines a list of IP addresses which will allow development-output to display. The debug() function will use this as a filter. See the function t3lib_div::cmpIP() for details on syntax. Setting this to blank value will deny all. Setting to "*" will allow all.
t3lib/class.t3lib_userauth.php (Arbeitskopie)
if ($this->writeDevLog && !is_array($this->user)) t3lib_div::devLog('No user session found.', 't3lib_userAuth', 2);
// Setting cookies
if ($TYPO3_CONF_VARS['SYS']['cookieDomain']) {
if ($TYPO3_CONF_VARS['SYS']['cookieDomain']{0} == '/') {
$matchCnt = @preg_match($TYPO3_CONF_VARS['SYS']['cookieDomain'], t3lib_div::getIndpEnv('TYPO3_HOST_ONLY'), $match);
if ($matchCnt === FALSE) {
t3lib_div::sysLog('The regular expression of $TYPO3_CONF_VARS[SYS][cookieDomain] contains errors. The session is not shared across sub-domains.', 'Core', 3);
} elseif ($matchCnt) {
$cookieDomain = $match[0];
}
} else {
$cookieDomain = $TYPO3_CONF_VARS['SYS']['cookieDomain'];
}
if (!$this->dontSetCookie) {
$this->setSessionCookie();
}
// If new session and the cookie is a sessioncookie, we need to set it only once!
if ($this->isSetSessionCookie()) {
if (!$this->dontSetCookie) {
if ($cookieDomain) {
SetCookie($this->name, $id, 0, '/', $cookieDomain);
} else {
SetCookie($this->name, $id, 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
}
if ($this->writeDevLog) t3lib_div::devLog('Set new Cookie: '.$id.($cookieDomain ? ', '.$cookieDomain : ''), 't3lib_userAuth');
}
}
// If it is NOT a session-cookie, we need to refresh it.
if ($this->isRefreshTimeBasedCookie()) {
if (!$this->dontSetCookie) {
if ($cookieDomain) {
SetCookie($this->name, $id, $GLOBALS['EXEC_TIME'] + $this->lifetime, '/', $cookieDomain);
} else {
SetCookie($this->name, $id, $GLOBALS['EXEC_TIME'] + $this->lifetime, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
}
if ($this->writeDevLog) t3lib_div::devLog('Update Cookie: '.$id.($cookieDomain ? ', '.$cookieDomain : ''), 't3lib_userAuth');
}
}
// Hook for alternative ways of filling the $this->user array (is used by the "timtaw" extension)
if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postUserLookUp'])) {
foreach ($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postUserLookUp'] as $funcName) {
......
}
/**
* Sets the session cookie for the current disposal.
*
* @return void
*/
protected function setSessionCookie() {
$isSetSessionCookie = $this->isSetSessionCookie();
$isRefreshTimeBasedCookie = $this->isRefreshTimeBasedCookie();
if ($isSetSessionCookie || $isRefreshTimeBasedCookie) {
$settings = $GLOBALS['TYPO3_CONF_VARS']['SYS'];
// Get the domain to be used for the cookie (if any):
$cookieDomain = $this->getCookieDomain();
// If no cookie domain is set, use the base path:
$cookiePath = ($cookieDomain ? '/' : t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
// If the cookie lifetime is set, use it:
$cookieExpire = ($isRefreshTimeBasedCookie ? $GLOBALS['EXEC_TIME'] + $this->lifetime : 0);
// Use the secure option when the current request is served by a secure connection:
$cookieSecure = (bool)$settings['cookieSecure'] && t3lib_div::getIndpEnv('TYPO3_SSL');
// Deliver cookies only via HTTP and prevent possible XSS by JavaScript:
$cookieHttpOnly = (bool)$settings['cookieHttpOnly'];
setcookie(
$this->name,
$this->id,
$cookieExpire,
$cookiePath,
$cookieDomain,
$cookieSecure,
$cookieHttpOnly
);
if ($this->writeDevLog) {
$devLogMessage = ($isRefreshTimeBasedCookie ? 'Updated Cookie: ' : 'Set Cookie: ') . $this->id;
t3lib_div::devLog($devLogMessage . ($cookieDomain ? ', '.$cookieDomain : ''), 't3lib_userAuth');
}
}
}
/**
* Gets the domain to be used on setting cookies.
* The information is taken from the value in $TYPO3_CONF_VARS[SYS][cookieDomain].
*
* @return string The domain to be used on setting cookies
*/
protected function getCookieDomain() {
$result = '';
$cookieDomain = $GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieDomain'];
if ($cookieDomain) {
if ($cookieDomain{0} == '/') {
$matchCnt = @preg_match($cookieDomain, t3lib_div::getIndpEnv('TYPO3_HOST_ONLY'), $match);
if ($matchCnt === FALSE) {
t3lib_div::sysLog('The regular expression of $TYPO3_CONF_VARS[SYS][cookieDomain] contains errors. The session is not shared across sub-domains.', 'Core', 3);
} elseif ($matchCnt) {
$result = $match[0];
}
} else {
$result = $TYPO3_CONF_VARS['SYS']['cookieDomain'];
}
}
return $result;
}
/**
* Determine whether a session cookie needs to be set (lifetime=0)
*
* @return boolean
(1-1/2)