Project

General

Profile

Actions
Copy link

Bug #14144

closed

t3lib_div::getIndpEnv() erroneously detects SSL -> BE crashes

Added by Ingmar Schlecht almost 20 years ago. Updated over 17 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Backend API
Target version:
-
Start date:
2004-05-05
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
3.6.0 final
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Kasper has changed the code for SSL detection in CVS as of April 1st.

The log message was: "Fixed SSL problem and many other minor things".

See: http://cvs.sourceforge.net/viewcvs.py/typo3/TYPO3core/t3lib/class.t3lib_div.php?r1=1.26&r2=1.27

Unfortunately, this change has introduced a new bug for installations running on Microsoft IIS:
Although there is no SSL connection, the Backend sometimes redirects to https when logging in or out which results in a 404 error.

Affected versions are:
Microsoft-IIS: 5.1 and 6.0
PHP: 4.3.3, 4.3.6
php_sapi_name: isapi and cgi-fcgi

In both cases the Typo3 Debug information erroneously shows
TYPO3_SSL: 1

So the bug must be in t3lib_div::getIndpEnv()

Mailing list post about the problem:
http://typo3.org/documentation/mailing-lists/install-windows-archive/thread/46122/
(issue imported from #M62)

Actions
Copy link
 #1

Updated by Ingmar Schlecht almost 20 years ago

OK, I have found out the reason for the behaviour.

Typo3 does not check if the variable $_SERVER["HTTPS"] ist set to 'on', it just checks if it's set at all.

So even when it's set to
$_SERVER["HTTPS"] = 'off';
Typo3 thinks it is using an SSL connection.

Patch:
In the function getIndpEnv() replace this:
case 'TYPO3_SSL':
return ($HTTP_SERVER_VARS['SSL_SESSION_ID'] || $HTTP_SERVER_VARS['HTTPS']) ? TRUE : FALSE;

with this:
     case 'TYPO3_SSL':
         return $HTTP_SERVER_VARS['SSL_SESSION_ID'] || !strcmp($HTTP_SERVER_VARS['HTTPS'],'on') ? TRUE : FALSE;

edited on: 05.05.04 19:10

Actions
Copy link
 #2

Updated by Michael Stucki almost 20 years ago

Ingmar, you're great! :-)

Actions
Copy link
 #3

Updated by old_jgansemer almost 20 years ago

I have tested the bug fix and I can confirm it has fixed my HTTPS issue on IIS

Thanks a lot for this very prompt response
Jean Gansemer

Actions
Copy link
 #4

Updated by Kasper Skårhøj almost 20 years ago

The history is that I fixed this based on response from users mailing about the same problem. I could not test it myself because I do not have SSL servers. I wrote to all people reporting the bug to test it an report back (some 5-10 people). Two responded back that it was OK.
Over 1 month people have had the chance to find this before release. However no one did. So...

Thanks to ingmar for solving it!

Actions
Copy link
 #5

Updated by Ingmar Schlecht almost 20 years ago

OK, I just fixed this bug in CVS for branch TYPO3_3-6-0.
The fix will be included in a maintanace release within some days.

Actions
Copy link

Also available in: Atom PDF